RedLine13 is a load testing SaaS tool that fits into your overall existing architecture. We have taken steps to provide required security that keeps your data private, and if needed isolated to your environment.
RedLine13 stores the bare minimum in terms of identifying information – only your name (first and last) and your email address are stored in our system. Passwords are secured with a one-way cryptographic hash utilizing a salt. We never store sensitive identifiers. You can view our sign up form here. For email communication we use ActiveCampaign. They handle email distribution and our email list management.
We use AWS as the cloud infrastructure provider for providing load generator instances for your test. AWS already has a strong reputation in the industry for being security-minded. To interface with AWS we utilize an IAM role-based integration that grants only the essential permissions needed to perform your load testing. We provide this policy to you, and it is possible for you to modify and refine to your exact needs. As an extra measure of security, you can even isolate your load tests in a dedicated account.
Your load test files and attachments are securely stored in AWS S3 buckets. These files are referenced with links that have a short expiration period as an enhanced measure of security. If you would like to have even greater security and control over your load test files, it is possible to use your own S3 bucket and fine-tune those permissions to your desired standards.
Your load test results summary information is securely stored in an RDS database within our AWS account. This database is private, with our security following industry-standard best practices, and not accessible outside our network. Full results files are stored in private S3 buckets and furthermore feature time-limited access to the contents within. In general, log files contain primarily performance information without private data, though this will depend on your specific test configuration. The data we store consists of your results file and logs. To avoid us storing sensitive data in our AWS account, you should carefully design your test so that it does not output or log sensitive information that you don’t want stored.
All communication with our systems and your test occurs over encrypted transmissions (HTTP TLS). We maintain our internal systems by applying security patches and updates when necessary. Inside our architecture we have three server types: (i) primary web servers, of which we have multiple redundant instances for reliability and performance; (ii) event processing servers (statistics and load test events handling); and (iii) ephemeral servers which are spun up on demand for the processing of results and actions from large load tests.
We maintain proprietary images for our load generator servers, which are not accessible to the public or even our customers. Furthermore, access to these instances (e.g., via SSH) is not permitted except by the most senior-level RedLine13 developers and never shared with any of our customers. In terms of access to load generators, this can be further refined with deployment into AWS regions with limited network access (e.g., https://*.redline13.com).
Did you know that RedLine13 offers a full-featured free trial? Sign up now to run load tests within minutes and evaluate the security features of our platform.
Internal Account Access
Internal RedLine13 users are required to have their accounts utilize MFA to access RedLine13 services and support tools.