ABHAYASTRA Logo
Security Division

System Security Commitments

Last revised: June 30, 2026

1. Security Engineering Principles

ABHAYASTRA is built from the ground up on modern cryptographic and system-security foundations.

  • Client-Side Cryptography: Client keys are generated locally using device keystore modules. The server never receives raw credentials or unencrypted telemetry packets.
  • TLS Strict Mode: We disable older connection protocols, enforcing TLS 1.3 only, backed by strict HSTS routing.
  • Least Privilege Access: Backend servers route websocket coordinates only during active user SOS alerts. Access lists expire automatically.

2. Vulnerability Management & Patch Cycles

Dependencies are audited weekly. If packages exhibit security vulnerabilities, alerts trigger automatically via CI/CD scanners, and patched builds are deployed in production clusters within 24 hours.

3. Platform Auditing

Every year, we commission third-party penetration testing firms to review our Kotlin native application codebase, Express API servers, and COTURN signal architectures. Summaries of these reports will be made public in our journal posts.