Security

CrossBrowserTesting.com has built the entire system with security and our customers' privacy in mind.

Environment
CrossBrowserTesting.com uses a private hosting facility to ensure the security of the testing infrastructure. All systems, virtual machines, physical Mac minis, iPhones, iPads, and physical Android phones are located in this locked down, secure facility.

Application level security
CrossBrowserTesting.com encrypts all customer passwords. All login data and payment information is passed over secure https connections. We utilize Authorize.net for maintaining credit card account information and do not store any credit card information at CrossBrowserTesting.

Privacy
Ensuring the privacy of a customer's testing sessions is paramount to our mission at CrossBrowserTesting.com. All data from a testing session, including cookies, browser history, cached data, and saved browser passwords are cleansed after each use to ensure the next customer to request a configuration receives a pristine environment. This is done in several ways depending on the environment:

Virtual machines - our Windows, Linux, Windows Phone emulator, Android emulators, iPhone & iPad simulators and 10.8 OSX configurations run as frozen disk images on virtual machines. These snapshotted images are reverted after each use to their original, frozen state. This has a number of benefits:
- Privacy. Any changes to the image are lost once the test session ends. This includes any browser data, history, cache, cookies, saved passwords, etc. All changes are lost, and the system reverts to its clean state.
- Flexibility. Since these machines are reverted back to their clean, pristine state after each use, we can allow you to make changes to them while testing. Need a different version of flash than the one install? You can change it. Need to test it with Adobe reader 10 instead of 11? You can change that too. Once you finish your test, however, the system will revert to its original, pristine state.

Netbooted Macs - our OSX configurations (10.5.7, 10.5.8, 10.6, & 10.7) run on real, physical Mac minis. These Mac minis are netbooted from a frozen disk image. After each test, the system is rebooted and reverts to its original, pristine state. This provides all the protection, privacy, and flexibility inherent in our virtual machine environment.

Physical iPhones, iPads, and Android devices - We are the only browser testing service to provide access to real, physical iPhones, iPads, and Android devices. There is no substitute for testing on the actual devices your customers will be using. These physical devices are locked down so only the browsers can be run. After each use, a clean script is run to remove all browser history, cache, cookies, and any other saved data. The device is then placed back in the pool for future use.

Network access
Our live tests are accessed by default with a Flash based vnc client utilizing web sockets over SSL (i.e. encrypted traffic over port 443). We also provide options to connect via the vnc protocol over port 80 or a randomized port range from 6020-6100.

Local Tunnels
CrossBrowserTesting.com allows you to test not only public sites, but also development and test sites within your network. This is accomplished with a signed java applet which you can run either inside your browser or from a command line. This applet creates a secure shell (SSH) tunnel from your machine to our server. When you launch a test in our system while you have a local tunnel connected, that browser sends all traffic via this secure tunnel to your machine, where the request is handled and sent back to the remote browser to be rendered. The tunnel is strictly limited to the user account that created the tunnel. To disconnect the tunnel, you can close the browser window it was launched from or stop the command line based java applet.

Test results
CrossBrowserTesting.com allows you to take snapshots and videos of live tests you run. These recordings are critical to the QA process, allowing you to document issues seen while testing and communicate them to the developers. In addition, you can capture network packet recordings of any tests, allowing you to see the http request stream from a page request. This is a great troubleshooting tool. The screenshot system also captures and saves both windowed and full page screenshots of the urls you test. All of this data is saved securely on Amazon S3.