Katalon Security

We take full ownership of protecting your data like it’s our own. Trust is key.
At Katalon, the privacy and security of your data are our top priority. We maintain a world-class security program to protect your data through alignment with industry best practices and frameworks.
Feel confident that you are in the company of other Katalon customers across all industry sectors, including highly regulated ones such as Healthcare, Government, Banking, and Financial Services.
Our compliance and certifications
We work to meet each of our own compliance requirements while helping your business achieve compliance as well.
SOC Certification
ISO/IEC 27001:2013 Framework
Infrastructure and processes that keep your data intact
Data Classification
To enable licensing and deliver the full value of Katalon’s data analytics, the Katalon Platform requires access to employee PII such as first name, last name, corporate email address and IP address.
Third-party audits and penetration testing
We engage independent third-party auditors for compliance certification and full-scope penetration testing.
End to End Encryption
Katalon encrypts all sensitive data at rest and in transit using strong, vetted encryption algorithms: AES-256 for data at rest and RSA 2048-bit for data in transit.
Auditable logs
The Katalon team has implemented comprehensive, auditable logs of key activities to enable event investigations and continuous monitoring by the Katalon Security Team.
Security backed by AWS, Stripe
Security credentials are encrypted within AWS Identity and Access Management (IAM), and Stripe is in place to protect your online payment data.
Data Retention and Removal
All your data is stored in an encrypted state and backed up in line with our internal data retention policies, or as otherwise negotiated based on your needs.
Our DPA and MSA
Katalon’s MSA and DPA terms are supported by the people, processes, and technology necessary to protect customer personal data in compliance with legal and contractual obligations under regulations such as GDPR and CCPA.
Role-Based Access Controls
Katalon is pre-configured with several roles that grant different levels of access to different parts of the platform, including control of specific applications, user management, and other privileged actions.
Trusted by CISOs and developers worldwide
We protect and defend the most trustworthy platform for developers everywhere to test and build software.
Frequently asked questions
Does Katalon hold any 3rd party compliance attestations?
Katalon currently holds and maintains SOC 2 Type II certification.
Does Katalon have an information security program?
Yes. Katalon maintains an internal Information Security Management System based on ISO 27001 and the NIST Cybersecurity Framework. All employees are required to review and sign off on the policies upon hire and at least annually. The program is led internally by Katalon’s CISO.
Does Katalon depend on any cloud providers to support customer services?
Yes. The Katalon platform uses Amazon Web Services (AWS) for all production infrastructure and storage.
Do you have a disaster recovery plan (DRP) and business continuity plan (BCP)?
Yes. Katalon systems are hosted in AWS and take advantage of native AWS services for continuity and redundancy.
  • Backups: Regular backups and snapshots are taken and tested.
  • High availability: Systems are designed and architected with high availability as a primary design goal.
What PII does Katalon process?
Katalon processes PII needed for user license verification, including name, email address, IP address, and in some cases a deviceID when support is needed.
What is your system patching process/schedule?
Katalon patches vulnerabilities based on criticality and in accordance with the internal SLAs defined in our Vulnerability Management policies. Best effort is made for critical, exploitable vulnerabilities found on externally accessible assets.
In general, we take an immutable-image approach to production patching: all patching is done at the “golden image” level to enable rapid continuous deployment and remediation of production workloads.
Because of architectural design decisions, patches may be deployed in a rolling fashion.
What are some controls you implement for your application security program?
Katalon uses best practices to ensure secure delivery of the Katalon Platform, including:
  • The AWS CIS Benchmark is used for hardening and vulnerability remediation.
  • Native IDS services are enabled at the OS level and vulnerability.
  • Vulnerability scanning, workload protection and cloud posture monitoring at the infrastructure level are handled through CNAPP (cloud-native application protection platform), CWPP (cloud workload protection platform) and CSPM (cloud security posture management) tooling.
  • Industry-standard tools and processes for an efficient and secure SDLC and CI/CD pipelines across all Katalon products.
  • All development follows an agile workflow with defined release and support cadences.
  • Code security is supported by industry-leading tools that provide:
    1. Static and dynamic code scanning.
    2. Secured shared secrets.
    3. Software composition analysis.
    4. Vulnerability testing.
How is user data stored? What encryption is used for data at rest and data in transit?
Data is stored in approved data stores in AWS. Structured data is stored in databases and unstructured data is stored in securely configured AWS S3 buckets.
AES 256-bit encryption is enabled for data at rest and TLS 1.2+ (RSA 2048-bit) for data in transit. Approved secure channels include SSH, HTTPS, and SFTP.
Further, sensitive records are hashed with SHA-256 at the database table level.
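The two in-transit and at-rest controls named above can be illustrated from the client side with standard-library Python. The following is an added example and is not Katalon’s own code: it builds a TLS client context that refuses anything older than TLS 1.2 with certificate and hostname verification on, and it shows what hashing a sensitive column with SHA-256 looks like when the application still needs exact-match lookups on that column. The hashing key, the table contents and the email addresses are constructed for the example; the keyed (HMAC) variant of SHA-256 is a design choice of this example, not a statement about how Katalon hashes records.

```python
import hashlib
import hmac
import ssl

# Constructed per-tenant hashing key for this example; in a real deployment it
# would be loaded from a secrets manager, never committed to source.
HASH_KEY = b"example-tenant-hashing-key"


def make_client_context() -> ssl.SSLContext:
    """Client-side TLS context: TLS 1.2 minimum, certificate required,
    hostname checked. TLS 1.0/1.1 handshakes are rejected outright."""
    ctx = ssl.create_default_context()            # CERT_REQUIRED + check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # enforce the "TLS 1.2+" floor
    return ctx


def hash_sensitive(value: str, key: bytes = HASH_KEY) -> str:
    """Keyed SHA-256 (HMAC) of a normalised sensitive value.

    Trimming and lower-casing keeps lookups stable across input variations;
    keying the hash means a digest cannot be recomputed from a guessed email
    alone by someone who has only the table contents.
    """
    normalised = value.strip().lower().encode("utf-8")
    return hmac.new(key, normalised, hashlib.sha256).hexdigest()


# Constructed sample table: only the digest of the email is stored in the row,
# which is what hashing "at the table level" means in practice.
RECORDS = [
    {"id": "rec-1", "email_hash": hash_sensitive("alice@example.com")},
    {"id": "rec-2", "email_hash": hash_sensitive("bob@example.com")},
]


def find_by_email(table, email: str):
    """Exact-match lookup against the hashed column; returns the record id or None.
    compare_digest avoids leaking match position through timing."""
    needle = hash_sensitive(email)
    for row in table:
        if hmac.compare_digest(row["email_hash"], needle):
            return row["id"]
    return None


if __name__ == "__main__":
    ctx = make_client_context()
    print("minimum TLS version:", ctx.minimum_version.name)
    print("lookup alice   ->", find_by_email(RECORDS, " Alice@Example.com "))
    print("lookup mallory ->", find_by_email(RECORDS, "mallory@example.com"))
```

Note that a plain hash of an email address still permits lookups but, because email addresses are low-entropy, it can be matched against a list of candidates; the keyed form above is the usual hardening when the hashed column must remain searchable.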
How are backups managed? What encryption is used? How are they destroyed when they are no longer needed?
Automated snapshots and backups are made with AWS CloudEndure and are destroyed systematically per policy.
To report a vulnerability to the Katalon team, use the “Report a vulnerability” link.