Security is our top priority. If you think you've found a vulnerability in any BlazeMeter API Monitoring (Runscope) service, please contact us.
How We Keep You Safe
BlazeMeter uses best practices for Internet security. This helps ensure that your data is safe, secure, and available only to authorized users. Your data will be completely inaccessible to anyone else, unless you explicitly choose to share that data with the public.
BlazeMeter API Monitoring enforces secure HTTPS for our entire website, including the public (unauthenticated) parts of the site. All communications with the API Monitoring API are also protected with SSL. We also use HTTP Strict Transport Security to ensure your web browser never interacts with BlazeMeter over insecure HTTP.
BlazeMeter API Monitoring provides each user in your organization with a unique user name and password. These credentials must be entered to access your organization’s data.
How To Keep Yourself Safe
BlazeMeter can be used to inspect traffic to APIs that communicate via plain-text HTTP or encrypted HTTPS. When you use API Monitoring with a plain-text HTTP API, all network traffic between your server and BlazeMeter will be sent in plain text, as will all network traffic between BlazeMeter and your API provider.
For this reason, we recommend that you use HTTPS whenever possible. If an API gives you the choice, you should always use HTTPS.
API Monitoring buckets are writable given that you know the randomly generated bucket key; however, data can only be viewed by the bucket owner. You may optionally enable secondary authentication for a bucket. Authenticated buckets require an additional secret token to be supplied in either an HTTP header or query string parameter to write to a bucket. If you would like to enable authentication tokens for your buckets, you may do so by enabling them in the Bucket Settings page on your dashboard.
Contacting BlazeMeter Support
If you have found a security vulnerability in a BlazeMeter web site or service, or if you have further questions about your data's security, send an email to firstname.lastname@example.org or contact the Account Team.
Your email will be reviewed promptly. We request that you not publicly disclose the issue until it has been addressed by BlazeMeter.