Security is built into every layer of Cyber Jeopardy. The service runs on AWS serverless infrastructure with no persistent servers to patch. All traffic is served over HTTPS via CloudFront. Authentication is passwordless — users receive a time-limited sign-in link by email, eliminating the risk of password reuse or credential stuffing.
The API runs on AWS Lambda behind API Gateway, using IAM roles that provide short-lived credentials and are scoped to the minimum required permissions. Game data is stored in DynamoDB with encryption at rest. Static assets are served from S3 via CloudFront with strict Content-Security-Policy headers.
We enforce HTTPS-only access, HTTP Strict Transport Security, and per-resource CSP headers on all pages. API endpoints require per-request authorisation tokens. Game access codes are randomly generated and not predictable.
If you discover a security vulnerability in Cyber Jeopardy, please report it to us before making it public. We commit to acknowledging reports within 2 business days and keeping you informed as we investigate.
Please send vulnerability reports to security@cyberjeopardy.com. Include a description of the issue, steps to reproduce, and the potential impact. We ask that you do not access or modify other users’ data while investigating.
We conduct periodic security reviews of the application and infrastructure. If you are a security researcher who would like to perform authorised testing, please contact us first.
Security questions and vulnerability reports: security@cyberjeopardy.com