The many technology layers needed to deploy even the most basic website are prone to attack. Malicious attackers aren't the only concern for data security. Any misuse of data (such as login credentials) or accidental access to data (such as leaving users logged in after their session has finished) can leave data systems exposed to human misuse.
The level of data protection we build into applications depends on a balance between risk tolerance, technical implementation, usability considerations and budget. For example, a username/password login combination may be required to access data. The sensitivity of the data in question will determine whether an encrypted SSL connection should be installed.
We can discuss your exact security requirements in addition to the precautions we take with every website.
All of our websites are natively built with good security practices
Understanding the vulnerabilities that a typical web stack can have allows us to manage data responsibly. Most security holes in server-based technologies can be eliminated by taking some basic steps such as:
- Validating user-submitted data from web forms, where an attacker may try to manipulate an application
- Configuring web servers to allow access only to 'public' information
- Using strong passwords on databases and login features
- Disabling detailed technical error reporting that may give an attacker clues as to how to manipulate an application
- Throttling login attempts to stop brute-force attacks (i.e. password guessing)
- IP blocking to help prevent denial-of-service attacks