LunaSec
LunaSec is a suite of security tools designed to protect sensitive data in web applications by adding just a few lines of code.
LunaSec is an end-to-end security system designed to protect your application by transparently encrypting sensitive data, from browser to database. It works seamlessly by storing your sensitive data and then giving you back a Token (a UUID) to retrieve data with later. LunaSec builds on that concept to offer many security and compliance features.
Features
- Secure By Default: Prevents data leaks by making your software resistant to many security issues like SQL Injection, XSS, and even RCE.
- Best-In-Class Compliance Software: Decrease your compliance overhead by 90%+ with centralized access control logic, audit logs, and automatic compliance validation.
- Simple Onboarding: Get started in minutes by adding *only a few lines of code* anywhere that sensitive data enters or exits your system.
- Built By Security Experts: Designed to bring leading security practices to your applications without requiring advanced security knowledge.
- Self-Hosted And Open: You retain control over your data by hosting LunaSec yourself. It’s open-source software licensed under the permissive Apache 2.0 license.
- Zero Trust Architecture: All records are encrypted with a unique key that even LunaSec can’t access. Decryption only happens when you need it to.
- Scales Automatically: Supports even the largest loads by leveraging cloud-scale database services like AWS S3 and DynamoDB.
- Enterprise-Grade: We offer warranties, managed deployments, and custom support via our Premium Support packages.
System Architecture
LunaSec works across the components of your web stack to provide end-to-end data security. We’ve documented the components of the stack here and in the diagram below.
Who is LunaSec for?
LunaSec is designed to be used by anyone that needs to collect and store sensitive text or files in a production web application. Despite being built by Security Engineers, LunaSec does not require security expertise to get started. It’s designed to be used by ordinary Software Engineers and Developers.
Reasons to use LunaSec:
- Security & Data Privacy Compliance: GDPR defines sensitive data to include Name, Email, Phone Number, IP Address, Credit Cards, and more. If you are subject to data privacy regulations and store any of that data, then LunaSec will help you achieve compliance more easily.
- Data Leak Protection: If you store data that needs to remain securely stored and private, then LunaSec will greatly increase your defenses against unauthorized data leaks.
- Data Inventory: The centralized nature of LunaSec makes it easy to track and monitor what data you’re storing and who uses it and when, and helps you enforce access controls around that data.
The LunaSec stack spans from the front-end to the back-end of your application and works alongside your existing code to keep your data encrypted and secure. To get started, please check out the steps below (“Trying LunaSec in 1 minute”).
How does LunaSec work?
LunaSec is similar to a safety deposit box that holds your sensitive data. Each piece of data gets a unique box, a unique key to unlock it, and a unique number to identify each box by. These boxes are then securely stored inside a bank vault that only a banker with special permissions has access to. Accessing the box requires proof of ownership and the key to unlock the box.
The boxes that the data is stored in are unable to be opened without the key. That means that even if the bank is evil, they can’t open the box. Even if the box is stolen by a thief, the thief can’t open the box without the keys. Only you are able to open the box.
Even if a thief steals the keys, they still have to get access to the box either through the banker or by breaking into the bank. One is useless without the other.
That’s the core value that LunaSec provides for you. LunaSec runs the bank, hires the bankers, and keeps your boxes secure. You just have to provide the data and keep track of the keys to access it.
We’ve designed LunaSec to mitigate many common security vulnerabilities that developers face. Each component of the LunaSec stack is designed to provide protection against specific attack scenarios. Please read more about the security of LunaSec here.