
Protecting your web systems with Si Novi

At Si Novi we take the security and maintenance of web-based systems seriously. Whether we are building an application from scratch or improving one that already exists, the first question we ask is how security fits into the architecture. After enough years writing software, I've come to see security as a way of working rather than something you bolt on at the end.

Bring us in as your outsourced development team and you get cost-effective web security work, ongoing support and maintenance, and the reassurance that your systems are being looked after by people who do this for a living.

Web security built on best practices

We build software to a high security standard, and we don't make it up as we go. We lean on authoritative sources such as the National Cyber Security Centre, the OWASP Foundation and MITRE, follow their guidance, and keep an eye on the threats as they emerge.

Our development practices follow the recommendations of the software and framework vendors we work with, so we're using techniques those vendors actually endorse. Throughout development we work to head off the common web application vulnerabilities, including:

  • Injection attacks
  • Broken authentication and access control
  • Data exposure
  • Cross-site scripting (XSS)

Data protection by design and default

Under GDPR, businesses have to put technical and organisational measures in place to protect individual rights and meet the data protection principles. The shorthand for this is 'data protection by design and by default', and at Si Novi we build it into every project from the start rather than retrofitting it later.

In practice that means:

  • Encryption of data in transit using TLS, with properly issued and renewed certificates.
  • Encryption of data at rest with AWS services like Key Management Service (KMS).
  • Access control mechanisms, such as multi-factor authentication.
  • Sensible backup strategies that account for Subject Access Requests and data deletion requirements.

We'll help you design and build web services that meet your GDPR obligations, from storing personal data properly to responding to Subject Access Requests in good time. We handle personal data ourselves, so we are registered with the Information Commissioner's Office (ICO) and comply with the Data Protection Act and GDPR in both our own work and our clients'.

Cloud security services

Cloud platforms like Amazon Web Services (AWS) put enterprise-grade security within reach of businesses of any size. Using AWS tools such as the Web Application Firewall (WAF), Key Management Service (KMS) and AWS Shield, we can protect your web systems with the same controls the big players rely on.

We are AWS Certified Developers at the Associate level, so we can recommend the right services for your situation and fit them properly into the systems you already run.

Security audits and remediation

If you're worried about the state of your application's security, or you just want an honest second opinion, we can help. We carry out security audits of PHP and JavaScript web applications and write up a detailed report with practical recommendations you can act on.

We can do the remediation work too, fixing the vulnerabilities and tightening things up, and we offer ongoing support and maintenance so your systems keep pace as threats change.

Work with us

We pair technical know-how with a proactive approach to keeping web systems safe. Whether you need a new application built, an existing one secured, or steady support for what you already have, we keep it reliable and cost-effective.

If any of this is on your mind, get in touch and we'll talk it through.


Do you have any thoughts on this article? Get in touch: hello@sinovi.uk


Authored by James Galley