So this is a fairly general question, but w/all the recent (and not so recent) file-transfer-application related security issues (eg: GoA, Accelion, MoveIt, etc), I was wondering what Liquidfiles might specifically be doing to help prevent such a problem. Additionally, what other users of Liquidfiles might be doing themselves. Sure, I've done basic stuff - enabled auto-update, put the web-gui behind a WAF (AWS WAF in my case), enabled Duo/MFA for authenticated logins, etc. I've enabled some of the basic built-in stuff like BruteForce protection, Admin IPs restriction, and am constantly reducing the GeoIP list (again AWS WAF.) I get there's only so much that can be done or might be worth the RoI on either Liquidfiles company's part or for us end-users. Note, I'm primarily focusing on actual security breaches and not an authorized user accidentally sending the wrong file, for example. Has anyone done (and be willing to share the results of) a pen-test, or code-review? I don't even know how to go about beginning such a task (which I suspect I wouldn't/couldn't do anyway, even if I did!) Again, I realize this is a fairly general question, and most mitigations and attack surface area reductions steps are probably very specific to each user's specific use-case. But if anyone has things they've tried, I'd love to hear them, even if they're built-in to Liquidfiles - maybe you have an interesting way of using feature-x aside from its obvious? Thanks all. PS Yah, the MoveIt breach has caused our local security team to reevaluate mft-like applications again.