
What is Web Security?
It is the implementation of tools and functionality that protect a website and web system against known or potential threats. It is best performed during the web development process itself and should not be an afterthought. What could be more important than the integrity and assured security of your business's critical data and information?
Your Website (and business) Secured.
In our development process we take a number of steps to ensure that the websites we build are secure. These are a few of our standard business rules for building secure websites:
- SSL-enforced Communications for logins and access to any administration functionality.
- Role-based Security providing granular permissions.
- Core features fully Unit Tested.
- SQL Injection prevented by use of an ORM with parameterised queries only.
- Suitable Password Policies for all authenticated users.
- CSRF (Cross-Site Request Forgery) countermeasures in all secure sections.
- DoS Protection; request-rate limiting modules prevent a single IP address from overwhelming the website.
- Direct Object Reference Protection; prevents users from accessing unauthorised material by simply changing the ID in the URL.