Web applications tend to store a great deal of information nowadays. Some of that information can often be considered private and only 4% of breaches so far were “secure breaches” where encryption was used and the stolen data was rendered useless. What else? Websites are being one of the most common targets of attacks and according to the Breach Level Index as of 2018, the total number of reported data that has been stolen is more than 14 billion records.
Our service related to web development includes integrating our CMS (Content Management System) with a web design provided by the customer.
The overall process is as follows:
TAD CMS is a fully functional content management system (CMS) written in PHP and equipped with a variety of utilities that would ease the building process of any commercial website. Some of its main features are:
- WYSIWYG editor
- Mixed mono and multilingual content editing
- Media library to host all your assets in one place
- Supports any kind of collections and fields to match individual client needs
- Customizable role definitions
- Menu customization and rearrangement
- Modification of site and system settings
Apart from the content management utilities, our CMS focuses on security which means that it is bundled with an advanced and one of a kind WAF (Website Application Firewall) that prevents almost every well-known attack type and provides management over the different security modules.
The current version of TAD CMS offers diverse security features across several categories:
- File permissions
- File system access limitations
- Error reporting and logging
- Information leakage
- Directory indexing
Application-level security settings
- Adjustable attack filters - regex filters for URL path, GET, POST and body request parameters
- SQL injection and XSS attacks detection and prevention
- Mass requests prevention
- Malicious user-agents filtering
Monitoring, statistics, and management
- Access logs + drill down statistics
- IP whitelisting/blacklisting (with optional duration)
- Configurable notifications (e.g. sending out emails for specific attacks)
All of which ships with a free deployment procedure and technical support.