Skip to main content


LunaDefend Security Levels

LevelTokenizerAuthenticationAuthorizationCryptographic Environment
3DedicatedAuth ProviderAppTokenizer
4DedicatedAuth ProviderSecure FunctionsTokenizer

Level 1: Simple Tokenizer

level 1 config


Security - Sensitive plaintext is no longer being passed around by the application. Tokens are used to identify information and the content is only resolved when explicitly needed.

Developer Experience - Almost no changes are needed to the code base. Compatible with any frontend framework.


Security - In the case of a Remote Code Execution(RCE) in the frontend or backend, the attacker will have access to sensitive information.

Suitable For

Small team, compliance focused security.

Level 2: Dedicated Tokenizer and Existing Auth

level 2 config


LunaDefend Secure Frame is an iFrame served from another domain. It becomes very difficult for an attacker to exfiltrate the sensitive information entered and displayed in the secure components. Your application's session management is a point of attack because LunaDefend has to trust it.

Developer Experience

Deployment of a dedicated tokenization server and replacement of frontend components with secure components, only certain frontend frameworks supported.

Suitable For

Small to mid-size team in need of hardened security.

Level 3: Dedicated Tokenizer with Authentication Provider

level 3 config


Auth Provider hardens the authentication and session management for your existing application to access plaintext directly, very difficult to attack.

Developer Experience

User management code such as signup pages and session management is no longer needed, it comes from the auth provider. The auth provider is an additional service that must be configured and deployed.

Suitable For

Enterprises and government organizations in need of very robust security

Level 4: All of the above with Secure Function support

level 4 config


Secure Functions are ephemeral virtual machines which allow serverside access to secure data. These functions exist in isolated environments which greatly reduce the attack surface the code which interacts with sensitive information. Additionally, a specialized Secure Function can be created which will control authorization decisions for frontend detokenization.

Developer Experience

Centralized authorization greatly simplifies compliance requirements. Individual teams do not need to create and maintain authorization code outside of a single location.
Security auditors can quickly audit just the small pieces of code that run in the Secure Function.

Suitable For

Enterprises and government organizations in need of the most robust security solution, especially where serverside processing of sensitive data is required