| Version | Supported |
|---|---|
| 1.0.x | ✅ |
If you discover a security vulnerability in FalconScan, please report it by emailing [your-email@example.com].
Please do not report security vulnerabilities through public GitHub issues.
We will acknowledge your email within 48 hours and send a more detailed response within 5 days indicating the next steps in handling your report.
When deploying FalconScan in production:
- Environment Variables: Use environment variables for all sensitive configuration
- HTTPS: Always use HTTPS in production
- Secret Key: Generate a strong, unique `DJANGO_SECRET_KEY`
- Debug Mode: Set `DEBUG=False` in production
- Database: Use PostgreSQL instead of SQLite
- File Uploads: Implement file size limits and virus scanning
- Rate Limiting: Implement rate limiting on API endpoints
- CORS: Configure CORS to allow only trusted origins
- Updates: Keep dependencies updated regularly
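As an added example (not FalconScan's own code), the checklist above can be enforced at startup by a settings helper that reads every sensitive value from environment variables and refuses to start on an unsafe one. The variable names, the URL-style `DATABASE_URL`, and the `django-cors-headers` setting names are assumptions.

```python
from urllib.parse import urlparse

# Assumed variable names; FalconScan's real names may differ.
REQUIRED = ("DJANGO_SECRET_KEY", "DATABASE_URL", "ALLOWED_HOSTS", "CORS_ALLOWED_ORIGINS")


def _split(value):
    return [item.strip() for item in value.split(",") if item.strip()]


def validate_env(env):
    """Return the list of deployment problems found in `env` (empty when safe)."""
    problems = [f"{k} is not set" for k in REQUIRED if not env.get(k)]
    if problems:
        return problems
    secret = env["DJANGO_SECRET_KEY"]
    if len(secret) < 50 or secret.startswith("django-insecure-"):
        problems.append("DJANGO_SECRET_KEY is short or is the startproject default")
    if env.get("DEBUG", "False").strip().lower() in ("1", "true", "yes", "on"):
        problems.append("DEBUG must be False in production")
    if urlparse(env["DATABASE_URL"]).scheme not in ("postgres", "postgresql"):
        problems.append("DATABASE_URL must point at PostgreSQL, not SQLite")
    for origin in _split(env["CORS_ALLOWED_ORIGINS"]):
        url = urlparse(origin)  # "*" or a URL with a path is not an exact origin
        if url.scheme != "https" or not url.netloc or url.path:
            problems.append(f"CORS origin {origin!r} must be an exact https://host[:port]")
    return problems


def build_settings(env):
    """Build the security-relevant part of a Django settings module from `env`."""
    problems = validate_env(env)
    if problems:
        raise ValueError("refusing to start: " + "; ".join(problems))
    db = urlparse(env["DATABASE_URL"])
    return {
        "SECRET_KEY": env["DJANGO_SECRET_KEY"],
        "DEBUG": False,
        "ALLOWED_HOSTS": _split(env["ALLOWED_HOSTS"]),
        "DATABASES": {"default": {
            "ENGINE": "django.db.backends.postgresql", "NAME": db.path.lstrip("/"),
            "USER": db.username, "PASSWORD": db.password, "HOST": db.hostname, "PORT": db.port or 5432}},
        # Exact-origin allow list; CORS_ALLOW_ALL_ORIGINS stays False in production.
        "CORS_ALLOWED_ORIGINS": _split(env["CORS_ALLOWED_ORIGINS"]),
        "CORS_ALLOW_ALL_ORIGINS": False,
        # HTTPS only: redirect plain HTTP and mark session/CSRF cookies Secure.
        "SECURE_SSL_REDIRECT": True,
        "SESSION_COOKIE_SECURE": True,
        "CSRF_COOKIE_SECURE": True,
        # Request-body cap; the upload view must still size-check and virus-scan APKs.
        "DATA_UPLOAD_MAX_MEMORY_SIZE": 10 * 1024 * 1024,
    }
```

In `settings.py` this is used as `globals().update(build_settings(os.environ))`, so a missing or weak value fails deployment loudly instead of silently running with a development default.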
- APK files are stored on the server - ensure proper access controls
- Decompilation process requires sufficient system resources
- JWT tokens have 1-hour expiration by default