What We Secure
Security Features
- CORS, HTTPS, and rate limits for API hardening (see glossary)
- HTTP headers like HSTS, CSP, and X-Frame-Options (see glossary)
- Secrets stored in Azure Key Vault, with rotation support
- Scanner reports and security header analysis
We'll review your hosting, email, APIs, and auth settings — and apply trusted hardening steps to reduce your exposure.
Glossary
While we try to avoid jargon, sometimes it's the clearest way to explain technical concepts. Here's a brief glossary of terms used on this page.
Security & Compliance
- GDPR: General Data Protection Regulation — EU/UK law on personal data.
- reCAPTCHA: Google service that protects websites from bots and abuse.
- OAuth: Open Authorization — a delegated-authorization protocol that lets apps access user data without the user sharing their password.
- API Key: Unique identifier used to authenticate a request to an API, often used for basic access control.
- JWT: JSON Web Token — a compact token format for transmitting identity and claims between systems, normally signed so the receiver can verify them.
- 2FA: Two-Factor Authentication — adds an extra layer of security by requiring a second form of verification.
- RBAC: Role-Based Access Control — restricts system access based on a user's role (e.g. admin, editor, viewer).
- Key Vault: Azure service for securely storing secrets, certificates, and encryption keys, often used in secure infrastructure deployments.
- B2C: Azure Active Directory B2C — a Microsoft identity service for customer-facing apps, supporting social and enterprise logins.
- PBKDF2: Password-Based Key Derivation Function 2 — a deliberately slow, salted key derivation function commonly used to hash user passwords before storing them.
- MFA: Multi-Factor Authentication — requires two or more verification methods to enhance login security.
- OpenID: OpenID Connect — an identity layer on top of OAuth 2.0 used for federated authentication.
- SSO: Single Sign-On — allows users to log in once and gain access to multiple systems without re-authenticating.
- DNSSEC: Domain Name System Security Extensions — protects DNS from spoofing by digitally signing DNS data so resolvers can verify its authenticity.
- Security Headers: Common HTTP headers used to harden apps:
  - CORS (Cross-Origin Resource Sharing) — controls which other origins a browser may read API responses from.
  - HSTS (Strict Transport Security) — tells browsers to use HTTPS only for the site.
  - CSP (Content Security Policy) — limits which scripts and resources the page may load or execute.
  - X-Frame-Options — prevents clickjacking by disallowing the page from being framed by other sites.
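The "security header analysis" listed above, as an added example that is not code from this page or its provider: a small Python checker that takes the headers of one HTTP response and reports weak or missing HSTS, CSP, framing and CORS settings. The two response header sets are constructed samples (one weak, one hardened), and the one-year HSTS minimum is this example's own threshold.

```python
"""Analyse one HTTP response's security headers (constructed sample data)."""
from __future__ import annotations

# Constructed sample: a response with several weak settings.
WEAK_RESPONSE = {
    "Strict-Transport-Security": "max-age=300",
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline'",
    "Access-Control-Allow-Origin": "*",
    "Access-Control-Allow-Credentials": "true",
}

# Constructed sample: the same response after hardening.
HARDENED_RESPONSE = {
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "Content-Security-Policy": "default-src 'self'; script-src 'self'; frame-ancestors 'none'",
    "X-Frame-Options": "DENY",
    "Access-Control-Allow-Origin": "https://app.example.com",
    "Vary": "Origin",
}

HSTS_MIN_MAX_AGE = 31536000  # one year; this threshold is the example's assumption


def _normalise(headers: dict) -> dict:
    """Header names are case-insensitive, so compare them in lowercase."""
    return {k.lower(): v.strip() for k, v in headers.items()}


def _csp_directives(value: str) -> dict:
    """Split 'default-src a b; script-src c' into {directive: [sources]}."""
    out = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            out[tokens[0].lower()] = tokens[1:]
    return out


def analyse_headers(headers: dict) -> list[str]:
    """Return a list of findings; an empty list means nothing was flagged."""
    h = _normalise(headers)
    findings = []

    # HSTS: present, long enough, covering subdomains
    hsts = h.get("strict-transport-security")
    if hsts is None:
        findings.append("HSTS missing: browsers may still connect over plain HTTP")
    else:
        params = {}
        for p in hsts.split(";"):
            k, _, v = p.strip().partition("=")
            params[k.lower()] = v
        try:
            max_age = int(params.get("max-age", "0"))
        except ValueError:
            max_age = 0
        if max_age < HSTS_MIN_MAX_AGE:
            findings.append(f"HSTS max-age={max_age} is below {HSTS_MIN_MAX_AGE}")
        if "includesubdomains" not in params:
            findings.append("HSTS lacks includeSubDomains")

    # CSP: present and not allowing inline scripts
    csp = h.get("content-security-policy")
    directives = {}
    if csp is None:
        findings.append("CSP missing")
    else:
        directives = _csp_directives(csp)
        script_src = directives.get("script-src", directives.get("default-src", []))
        if not script_src:
            findings.append("CSP has neither script-src nor default-src")
        if "'unsafe-inline'" in script_src:
            findings.append("CSP allows 'unsafe-inline' scripts")

    # Framing: either X-Frame-Options or CSP frame-ancestors must restrict it
    xfo = h.get("x-frame-options", "").upper()
    if "frame-ancestors" not in directives and xfo not in ("DENY", "SAMEORIGIN"):
        findings.append("no framing protection: set X-Frame-Options or CSP frame-ancestors")

    # CORS: a wildcard origin, worse still alongside credentials
    acao = h.get("access-control-allow-origin")
    acac = h.get("access-control-allow-credentials", "").lower()
    if acao == "*" and acac == "true":
        findings.append("CORS: wildcard origin together with Allow-Credentials: true")
    elif acao == "*":
        findings.append("CORS: wildcard origin lets any site read the response")

    return findings


if __name__ == "__main__":
    for name, resp in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(name, analyse_headers(resp) or ["no findings"])
```

The checker deliberately accepts CSP `frame-ancestors` as an alternative to `X-Frame-Options`, since modern browsers honour the former, and it reads the header names case-insensitively because proxies and frameworks vary in how they emit them.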
Email Authentication
- SMTP (Simple Mail Transfer Protocol): Standard protocol used to send email messages between mail servers. It's how your email gets delivered.
- SPF (Sender Policy Framework): Allows domain owners to publish in DNS which mail servers are permitted to send email on their behalf, helping prevent spoofing.
- DKIM (DomainKeys Identified Mail): Uses cryptographic signatures, verified against a public key in DNS, to confirm that the message was not altered and was signed by an authorized domain.
- DMARC (Domain-based Message Authentication, Reporting & Conformance): Builds on SPF and DKIM to let domain owners publish policies and receive reports about message authentication failures.
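The SMTP validation step described on this page, as an added Python example that is not the provider's own code: it parses a domain's published SPF, DKIM and DMARC TXT records and reports the gaps a reviewer would look for (a missing record, a permissive SPF `all` qualifier, a DMARC policy of `none`). The DNS answers are a constructed, embedded sample rather than live lookups, and the DKIM public key in it is truncated on purpose.

```python
"""Check a domain's published SPF, DKIM and DMARC records (constructed DNS data)."""

# Constructed sample of the TXT records a resolver would return; no live DNS is queried.
SAMPLE_DNS_TXT = {
    "example.com": ["v=spf1 include:_spf.example.net ip4:203.0.113.0/24 ~all"],
    "_dmarc.example.com": ["v=DMARC1; p=none; rua=mailto:dmarc-reports@example.com"],
    # Public key deliberately truncated in this sample.
    "mail._domainkey.example.com": ["v=DKIM1; k=rsa; p=MIIBIjANBgkq..."],
}


def parse_spf(txt: str):
    """Split an SPF record into (qualifier, mechanism) pairs plus the qualifier on 'all'."""
    if not txt.lower().startswith("v=spf1"):
        return None
    mechanisms, all_qualifier = [], None
    for term in txt.split()[1:]:
        qualifier = "+"  # SPF's default when no qualifier is written
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        if term.lower() == "all":
            all_qualifier = qualifier
        else:
            mechanisms.append((qualifier, term))
    return {"mechanisms": mechanisms, "all": all_qualifier}


def parse_dmarc(txt: str):
    """Turn 'tag=value; tag=value' into a dict; None if this is not a DMARC record."""
    tags = {}
    for part in txt.split(";"):
        k, sep, v = part.strip().partition("=")
        if sep:
            tags[k.strip().lower()] = v.strip()
    if tags.get("v", "").upper() != "DMARC1":
        return None
    return tags


def assess_email_auth(domain: str, dns_txt: dict, dkim_selector: str) -> list[str]:
    """Report gaps in the domain's SPF, DKIM and DMARC setup."""
    findings = []

    # SPF: exactly one record, ending in a soft or hard fail
    spf_records = [r for r in dns_txt.get(domain, []) if parse_spf(r)]
    if not spf_records:
        findings.append("SPF: no record published")
    elif len(spf_records) > 1:
        findings.append("SPF: multiple records (RFC 7208 treats this as a permanent error)")
    else:
        spf = parse_spf(spf_records[0])
        if spf["all"] in (None, "+", "?"):
            findings.append(f"SPF: 'all' qualifier is {spf['all']!r}; use ~all or -all")
        if any(m.lower().split(":")[0] == "ptr" for _, m in spf["mechanisms"]):
            findings.append("SPF: ptr mechanism is deprecated")

    # DKIM: a key must exist at <selector>._domainkey.<domain>
    dkim = dns_txt.get(f"{dkim_selector}._domainkey.{domain}", [])
    if not any(r.lower().startswith("v=dkim1") for r in dkim):
        findings.append(f"DKIM: no key published for selector {dkim_selector!r}")

    # DMARC: policy should enforce, and reports should go somewhere
    dmarc = next((d for d in (parse_dmarc(r) for r in dns_txt.get(f"_dmarc.{domain}", [])) if d), None)
    if dmarc is None:
        findings.append("DMARC: no record published")
    else:
        policy = dmarc.get("p", "").lower()
        if policy not in ("quarantine", "reject"):
            findings.append(f"DMARC: policy p={policy or 'missing'} does not enforce")
        if "rua" not in dmarc:
            findings.append("DMARC: no rua address, so failure reports will not be received")

    return findings


if __name__ == "__main__":
    for finding in assess_email_auth("example.com", SAMPLE_DNS_TXT, "mail"):
        print(finding)
```

To run it against a real domain you would replace `SAMPLE_DNS_TXT` with TXT lookups from a resolver; the parsing and the checks stay the same. A `p=none` DMARC policy is the usual first step when a domain starts monitoring, which is why the checker reports it as non-enforcing rather than as an error.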
Secure Your Website, APIs & Email
We help you lock down attack surfaces — from API headers and transport security to SMTP validation and cloud secrets.