Security Program

Security At MedReq

MedReq is designed with defense-in-depth controls for authentication, data access, request safety, and operational monitoring.

1. Core Security Controls

  • Server-side session verification for protected routes and APIs.
  • Same-origin checks, secure headers, payload limits, and anti-abuse request controls.
  • Rate limiting and idempotency handling on sensitive workflows.
  • Structured observability for incident tracing and response.

2. Operational Security

Access And Sessions

Authentication sessions use hardened cookie controls and are validated on the server for every protected operation.

Monitoring

Security-relevant failures are logged with request IDs to speed up triage and containment.

3. Vulnerability Reporting

Report vulnerabilities privately and include affected routes, reproducible steps, and impact details. Do not disclose high-risk findings publicly before coordination.

Response workflows, support windows, and release guidance are maintained in SECURITY.md.