If you discover a security vulnerability, please email security@lateralflowscanner.com.

Please do not report security vulnerabilities through public GitHub issues.

We will respond within 48 hours and work with you to understand and resolve the issue.

• JWT authentication
• Password hashing with bcrypt
• Rate limiting
• Input validation and sanitization
• HTTPS only in production
• Regular dependency updates
• Security headers (Helmet.js)