Security
Security is foundational to everything we build. We implement defense in depth, following industry best practices to protect applications and data from common attack vectors.
Key Areas
| Area | Description |
|---|---|
| Authentication | Verifying user identity |
| Authorisation | Controlling access permissions |
| SSL/TLS | Encrypting data in transit |
| WAF | Blocking malicious requests |
| ACL | Fine-grained access control |
📄️ ACL (Access Control Lists)
An Access Control List (ACL) is a security mechanism that defines which users or system processes can access specific resources and what operations they can perform. ACLs are fundamental to implementing fine-grained authorisation.
📄️ Attack Vectors
An attack vector is a path or method that a malicious actor uses to gain unauthorised access to a system, network, or application. Understanding common attack vectors is essential for building secure software.
📄️ Authentication
Authentication is the process of verifying identity - confirming that users are who they claim to be. It answers the question "Who are you?" before authorisation determines "What can you do?"
📄️ Authorisation
Authorisation determines what an authenticated user is allowed to do. While authentication answers "Who are you?", authorisation answers "What can you access?"
📄️ SSL/TLS
SSL (Secure Sockets Layer) and its successor TLS (Transport Layer Security) are cryptographic protocols that provide secure communication over networks. They encrypt data in transit, preventing eavesdropping and tampering.
📄️ WAF (Web Application Firewall)
A Web Application Firewall protects web applications by filtering and monitoring HTTP traffic between a web application and the internet. It operates at Layer 7 (application layer) and can block common attack vectors like SQL injection and XSS.