Learn a little bit more about how and why we implement the solutions that we have found garner the strongest results.
Keeping websites secure
This depends on the level of security necessary. If there are users with assigned emails and passwords, the site requires an SSL certificate so that users' browsing stays private, as well as bcrypt hashing of passwords and usernames.
We use a myriad of methods to prevent various types of attacks, such as SQL injection and XSS. A few of these methods are converting raw text into HTML entities, escaping input before database insertion, and using salted hashes.
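The three methods named above, shown together as an added example (not code from this page or its authors), using only Python's standard library. Assumptions: the table and function names are hypothetical, PBKDF2 stands in for bcrypt because bcrypt is not in the standard library, and bound query parameters are used in place of manual escaping before insertion.

```python
import hashlib, hmac, html, os, sqlite3

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed value)

def hash_password(password, salt=None):
    """Return (salt, digest); a fresh random salt is drawn per user."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (email TEXT PRIMARY KEY, salt BLOB, pw BLOB)")
    db.execute("CREATE TABLE comments (email TEXT, body TEXT)")
    return db

def register(db, email, password):
    salt, digest = hash_password(password)
    # Bound parameters: the driver never parses user input as SQL.
    db.execute("INSERT INTO users VALUES (?, ?, ?)", (email, salt, digest))

def login(db, email, password):
    row = db.execute("SELECT salt, pw FROM users WHERE email = ?",
                     (email,)).fetchone()
    if row is None:
        return False
    _, candidate = hash_password(password, row[0])
    # Constant-time comparison of the stored and recomputed digests.
    return hmac.compare_digest(candidate, row[1])

def add_comment(db, email, body):
    # Raw text is stored as-is; encoding happens at output time.
    db.execute("INSERT INTO comments VALUES (?, ?)", (email, body))

def render_comments(db):
    rows = db.execute("SELECT email, body FROM comments").fetchall()
    # html.escape converts <, >, &, and quotes into HTML entities.
    return "".join(f"<p><b>{html.escape(e)}</b>: {html.escape(b)}</p>"
                   for e, b in rows)

if __name__ == "__main__":
    db = open_db()
    register(db, "a@example.com", "correct horse")         # constructed sample
    add_comment(db, "a@example.com", "<script>alert(1)</script>")
    print(login(db, "' OR '1'='1", "x"))  # input is treated as data only
    print(render_comments(db))
```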
If there is an ecommerce aspect to the site, Visa rules and PCI-DSS compliance can come into play depending on various factors. In general, we suggest that payment processing be completed in a branded but off-site capacity (like PayPal) to remove the client’s website from the scope of PCI compliance, as compliance is a very time-consuming and costly process.