Security is an integral part of any application and needs to be addressed from the very beginning, even for the simplest of applications. We believe certain security measures are non-negotiable and have to be part of every application we build. We make sure no unnecessary data is captured, stored or leaked under any circumstances.
Some of the steps we follow are:
- TLS certificate pinning (often still called SSL pinning) in first-party clients, with a plan for rotating pins before the pinned certificate expires so a renewal does not lock clients out.
- Check the design and code against OWASP guidance, e.g. the OWASP Top 10 and the Application Security Verification Standard (ASVS).
- Validate input data for type and size before processing it.
- Do not store sensitive data unless it is strictly required for the feature.
- Do not leak sensitive data through exceptions or error responses; log the details server-side and return a generic message to the client.
- Use the platform's vetted cryptography libraries rather than a custom implementation; home-grown cryptography is a well-known source of vulnerabilities.
- Store sensitive configuration data (keys, connection strings, API secrets) in a secrets store or HSM, e.g. Azure Key Vault, AWS Secrets Manager or AWS CloudHSM, never in source code or plain config files.
- Avoid storing user credentials in your own database; delegate authentication to an identity provider such as Auth0. If passwords must be stored, hash them with a slow, salted algorithm such as Argon2 or bcrypt. Holding less personal data reduces your GDPR exposure, but using a provider does not by itself make the rest of your data GDPR compliant.
- Use encryption both in transit (TLS) and at rest for databases and their backups.
- Mitigate DDoS attacks using AWS Shield, Azure DDoS Protection, firewalls and WAFs.
- Use rate limiters on APIs where needed so that one customer of a SaaS product cannot exhaust capacity for the others.
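The two list items on validating input for type and size and on not leaking sensitive data through exceptions are easiest to see together in a request handler. The following is an added example written for this page, not code from the company or project described; the endpoint, the field rules, the size limits and the `store` persistence callable are all assumptions for illustration.

```python
import json
import logging
import re
from dataclasses import dataclass

# Limits are assumptions for this example; tune them per endpoint.
MAX_BODY_BYTES = 4096
MAX_NAME_LEN = 64
ALLOWED_FIELDS = {"name", "email", "age"}
# Deliberately loose e-mail shape check: one '@', no whitespace, bounded length.
EMAIL_RE = re.compile(r"^[^@\s]{1,64}@[^@\s]{1,255}$")

log = logging.getLogger("api")


class ValidationError(ValueError):
    """Client-side input problem. Its message is written to be safe to return."""


@dataclass(frozen=True)
class CreateUserRequest:
    name: str
    email: str
    age: int


def parse_create_user(raw: bytes) -> CreateUserRequest:
    """Check size, then syntax, then the type and range of every field."""
    # Size first, before the JSON parser allocates anything for the payload.
    if len(raw) > MAX_BODY_BYTES:
        raise ValidationError("request body too large")
    try:
        data = json.loads(raw)
    except (UnicodeDecodeError, ValueError):
        # json.JSONDecodeError is a subclass of ValueError.
        raise ValidationError("body is not valid JSON") from None
    if not isinstance(data, dict):
        raise ValidationError("body must be a JSON object")
    if set(data) - ALLOWED_FIELDS:
        raise ValidationError("unexpected field in body")

    name = data.get("name")
    if not isinstance(name, str) or not 1 <= len(name) <= MAX_NAME_LEN:
        raise ValidationError("name must be a string of 1 to 64 characters")

    email = data.get("email")
    if not isinstance(email, str) or not EMAIL_RE.match(email):
        raise ValidationError("email is malformed")

    age = data.get("age")
    # bool is a subclass of int in Python, so `true` would pass a plain int check.
    if isinstance(age, bool) or not isinstance(age, int) or not 0 <= age <= 150:
        raise ValidationError("age must be an integer between 0 and 150")

    return CreateUserRequest(name=name, email=email, age=age)


def handle_create_user(raw: bytes, store) -> tuple[int, dict]:
    """Return an (HTTP status, JSON body) pair.

    `store` is a hypothetical persistence callable taking a CreateUserRequest
    and returning the new user's id.
    """
    try:
        req = parse_create_user(raw)
    except ValidationError as exc:
        return 400, {"error": str(exc)}
    try:
        user_id = store(req)
    except Exception:
        # The full traceback (which may contain connection strings or SQL) goes
        # to the server log only; the client sees a fixed, detail-free message.
        log.exception("create_user failed")
        return 500, {"error": "internal error"}
    return 201, {"id": user_id}


if __name__ == "__main__":
    # Constructed sample request; no real user data.
    sample = b'{"name": "Ann", "email": "ann@example.com", "age": 30}'
    print(handle_create_user(sample, lambda req: 42))
    print(handle_create_user(b'{"name": "Ann", "email": "x", "age": true}', lambda req: 42))
```

The order of checks matters: the byte-size limit runs before the parser so an oversized body is rejected without being parsed, and each field is checked for type before range so a string never reaches an integer comparison. The `except Exception` around the store call is what keeps an upstream error message, which may embed a connection string, out of the HTTP response.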
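The last item, per-customer rate limiting for a SaaS API, is usually implemented as a token bucket keyed by tenant. The following is an added example written for this page, not the company's own code; the rate and burst values, the tenant identifier and the `limited_response` handler glue are assumptions for illustration, and the clock is injectable so the behaviour can be checked without sleeping.

```python
import math
import threading
import time
from dataclasses import dataclass


@dataclass
class _Bucket:
    tokens: float    # tokens currently available (fractional while refilling)
    updated: float   # clock reading at the last refill


class TenantRateLimiter:
    """Token bucket per tenant: up to `burst` requests at once, refilled
    continuously at `rate` tokens per second. Tenants never share a bucket,
    so one customer's burst cannot consume another customer's allowance."""

    def __init__(self, rate: float, burst: int, clock=time.monotonic):
        if rate <= 0 or burst <= 0:
            raise ValueError("rate and burst must be positive")
        self.rate = float(rate)
        self.burst = float(burst)
        self.clock = clock            # injectable so tests can use a fake clock
        self._buckets: dict[str, _Bucket] = {}
        self._lock = threading.Lock()

    def allow(self, tenant: str) -> tuple[bool, float]:
        """Consume one token for `tenant`.

        Returns (allowed, retry_after_seconds); retry_after is 0.0 when allowed.
        """
        now = self.clock()
        with self._lock:
            bucket = self._buckets.get(tenant)
            if bucket is None:
                # First request from this tenant: start with a full bucket.
                bucket = self._buckets[tenant] = _Bucket(self.burst, now)
            else:
                elapsed = max(0.0, now - bucket.updated)
                bucket.tokens = min(self.burst, bucket.tokens + elapsed * self.rate)
                bucket.updated = now
            if bucket.tokens >= 1.0:
                bucket.tokens -= 1.0
                return True, 0.0
            # Time until one whole token has accumulated.
            return False, (1.0 - bucket.tokens) / self.rate


def limited_response(limiter: TenantRateLimiter, tenant: str) -> tuple[int, dict]:
    """Map a limiter decision onto an HTTP status and headers (hypothetical glue)."""
    allowed, wait = limiter.allow(tenant)
    if allowed:
        return 200, {}
    # Round up so the client never retries a moment too early.
    return 429, {"Retry-After": str(math.ceil(wait))}


if __name__ == "__main__":
    limiter = TenantRateLimiter(rate=5.0, burst=10)
    for i in range(12):
        print(i, limited_response(limiter, "tenant-a"))
```

This in-process version is enough for a single API node. With several nodes behind a load balancer the buckets have to live in shared storage (for example a Redis-backed implementation) or the effective limit becomes the configured limit multiplied by the number of nodes.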