Security Features of the Dashboard

​

Overview

​

Security features

​

SSL

• All data transmitted between your browser and the TestDriver web application is encrypted using HTTPS.

​

Authentication

• Users can only authenticate via OAuth, provided by Auth0, ensuring secure and reliable user authentication.

​

Team management

• Administrators can add or remove individual team members.
• Only administrators have the ability to manage team settings.

​

Role-based access control (RBAC)

• The first user to create a team is designated as the administrator.
• Administrators:
  • Are the only users who can view the API key.
  • Can manage team settings.
  • can’t be removed from the team.
• All other users are normal members with limited access.

​

API key rotation

• Teams can rotate their API key for enhanced security.
• It’s recommended to rotate the API key every 90 days to minimize risk.

​

Secret masking

• Test replay logs and network requests are automatically scanned for sensitive information, such as:
  • Credit card numbers
  • Emails
  • Passwords
  • API keys
• Detected secrets are masked with asterisks (****) to prevent exposure.

​

Encrypted at rest

• Test replays and logs are securely stored on Amazon S3 and encrypted at rest.
• Test results are only accessible via temporary signed URLs.
• Signed URLs are generated exclusively for team users and expire after a set duration.

​

Notes

• The TestDriver web dashboard is designed with privacy and security as top priorities.
• For additional security, ensure your team rotates API keys regularly and reviews team member access permissions.
• If you have specific security concerns or questions, please contact TestDriver support.