Looking back on the early days of web development, security was not much of a concern because the web started out as an almost entirely read-only medium. Thankfully (and interestingly) this soon changed and websites quickly began to offer increasing levels of interaction with their users. With increased interaction came an increased risk of hacking and accidental misuse by the website's end-users, and web development had to grow up, quick-smart.
At Thirdrock we've developed our best website security practices around two principles: a rock-solid web development framework and strict input filtering.
- All of our websites are created using the model-view-controller (MVC) design pattern, which provides a very useful separation between the website design, application flow and business logic of our clients' websites. Our implementation of the MVC pattern makes sure that every website request is passed through a front controller which performs security checks on every single request.
- Being naturally cautious, we make sure all of our websites filter all incoming data and remove any unexpected data, on every request, every time. We've seen many websites which allow their end-users to submit any kind of data in web forms or directly into the website address (URL); any sites which do this expose their users to unnecessary risk.
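
The two principles above, combined in one added example in Python (not Thirdrock's own code): a single front controller that every request passes through, which keeps only the fields a route expects and drops the rest. The route table, the field patterns and the decision to reject malformed or duplicated fields outright are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Hypothetical route table: each route lists the only fields it accepts,
# with a pattern the whole value must match.
ROUTES = {
    "/contact": {
        "name": re.compile(r"[A-Za-z][A-Za-z '\-]{0,63}"),
        "email": re.compile(r"[^@\s]{1,64}@[A-Za-z0-9.\-]{1,255}"),
        "message": re.compile(r"[^\x00-\x08\x0b-\x1f]{1,2000}"),
    },
    "/products": {
        "page": re.compile(r"[0-9]{1,4}"),
        "sort": re.compile(r"(price|name)"),
    },
}


class RejectedRequest(Exception):
    """Raised by the front controller; carries an HTTP-style status code."""

    def __init__(self, status, reason):
        super().__init__(f"{status} {reason}")
        self.status = status


def front_controller(url, form=None):
    """Single entry point: returns (route, clean_fields, dropped_field_names)."""
    parts = urlsplit(url)
    spec = ROUTES.get(parts.path)
    if spec is None:
        raise RejectedRequest(404, "unknown route")

    # URL parameters and form fields go through the same filter.
    incoming = parse_qsl(parts.query, keep_blank_values=True)
    incoming += list((form or {}).items())

    clean, dropped = {}, []
    for key, value in incoming:
        pattern = spec.get(key)
        if pattern is None:
            dropped.append(key)  # unexpected field: removed, never reaches a controller
        elif key in clean:
            raise RejectedRequest(400, f"duplicate field: {key}")
        elif not pattern.fullmatch(value):
            raise RejectedRequest(400, f"malformed field: {key}")
        else:
            clean[key] = value
    return parts.path, clean, dropped
```

Controllers behind this entry point read only the `clean` mapping, so a field that was not declared for the route cannot influence application flow or business logic.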