At Si Novi we take the responsibility of securing and maintaining web-based systems very seriously.
When building an application from scratch, or taking on an existing application for further development, our first considerations are for how security fits into the application architecture. As experienced software developers we know that security should be a way of working, not an afterthought.
We'll work with you as your outsourced development team, providing cost-effective web security services, ongoing support and maintenance of your application - and ultimately peace of mind that your web systems are being protected and cared for.
At Si Novi we are dedicated to building software that adheres to best practice security techniques. We follow authoritative sources on web security threats and mitigation, such as the National Cyber Security Centre, the OWASP foundation and MITRE. We follow these organisations guidance and monitor their feeds of emerging threats to ensure we're always current.
When building web applications, we follow the guidance of the vendors of the software or framework that we use, always using vendor-approved methods.
We make considerations at all times of the most common web application vulnerabilities, such as Injection, broken authentication & access control, data exposure and cross-site scripting.
The GDPR requires you to put in place appropriate technical and organisational measures to safeguard individual rights by implementing key data protection principles. Known as ‘data protection by design and by default', in the web industry this concept means building software with appropriate security measures in place from the beginning.
At Si Novi we follow best-practice web security principles and consider data privacy under the Data Protection Act and the GDPR from the start of every project. We'll consider technical measures such as encryption of data in transit with SSL/TLS certificates, encryption of data at rest using AWS services such as KMS, access control via various authentication mechanisms, and backup strategies that allow for Subject Access Requests and deletion of personal data. We can help you design and build web services that allow you to answer your obligations under the GDPR, such as storing personal data appropriately and responding to Subject Access Requests.
As a business that processes personal data, we are registered with the Information Commissioner's Office and we abide by the Data Protection Act and GDPR legislation in both our own business activities and for the work we provide for clients.
Cloud computing providers like Amazon Web Services bring the possibility of enterprise-grade security into the hands of small businesses. With features like AWS Web Application Firewall (WAF), AWS Key Management Service (KMS) and AWS Shield, we can leverage powerful security services and protect your web-based systems.
As AWS Certified Developers at Associate level, we are experienced users of Amazon Web Services and can advise on the best solutions to use and how to integrate them into your existing web systems.
If you have any concerns about your current security posture, or would like an appraisal of your current web-based software, we can help.
At Si Novi we perform web security audits on PHP and JavaScript web applications, providing you with an analysis report, together with recommendations for improvements.
We can also then perform the remediation work ourselves, fixing security issues and improving your application’s security stance. We can support and maintain web applications to ensure they remain up to date and hardened against common threats.
Contact us today to start the conversation about your web system security.
