If you have any questions about Averum security, please contact us at security@averum.com or (425) 486-2149.

Software Security

Averum's software was designed from the ground up with security in mind. All access to the system, either via browser or web services, requires a valid company name, username and password. All user sessions are secured via SSL encryption. Passwords are hashed, ensuring they cannot be accessed or decrypted by Averum personnel or unauthorized users. Each action is validated to ensure that the user has permission for that action and for the data they are accessing. All data is fully validated to prevent common hacks such as SQL injection or other errors caused by invalid data.

For each browser session, a temporary cookie is written to the user's browser. Averum does not use cookies to store confidential information such as the username or password of the user. For added security, no permanent cookies that enable automated login are permitted. For web service sessions, a unique ID is used in place of the cookie, and the IP address is tracked to ensure that all requests are coming from the same IP address used during login. Both browser and web services sessions automatically time out after not being accessed for a specified amount of time: 20 minutes for browser sessions and 2 hours for web services sessions.

Hosted Edition Security

In addition to the security of the software and user sessions, Averum utilizes advanced technology to guard the security of your company's data on our servers. Our servers are hosted in a physically-secured facility with firewalls and other advanced technology to prevent access by unauthorized persons.