Security Overview

HunchBuzz is a New Zealand company that provides cloud-based idea and Innovation Management Software (IMS) globally. Our company is an approved supplier to the UK Government via the G-Cloud digital marketplace and our services are hosted at Amazon Web Services (AWS) datacenters.

Secure Communication

All connections to HunchBuzz are secured via SSL/TLS. Any attempt to connect over HTTP is redirected to HTTPS.

API and DMZ

HunchBuzz has a secure API framework within a Demilitarized Zone (DMZ). Front-end code is separated from the core API providing a robust security layer, access to the API is strictly limited.

Securely hosted in the Cloud

HunchBuzz utilises secure development best practices that integrate security reviews throughout design, prototype, and deployment. Hosted within a secured public cloud, the HunchBuzz platform is self-contained and cannot detect, interfere with or view any other platform within the hosting environment. This policy is managed at a layer not accessible to other platforms within the environment. More detail:

Limited Staff Access

HunchBuzz has strict rules and checks around who has access to the back-end database and services. Only specific staff have access to make changes and modifications, all access to the back-end systems is logged.

Content Verification

Post content verification is achieved through a web application firewall. Post-like events such as spam, login credentials, hacking, XSS, SQL injection will be stopped in real-time.

Browser Integrity Check

Our network Scans HTTP headers abused by spammers and denies access. These checks also challenge visitors that do not have a standard web browser or user agent.

Application Firewall

We use an industry standard Web Application Firewall (WAF) which detects and blocks common keywords used in comment spam, as well as attack signatures used in cross-site scripting attacks and SQL injections.