Stacklane approaches security as a default requirement of any web application, from simple to complex. Security should be an inherent consideration from the first line of code written, and not require later revisiting after the early stages of development. The following is an overview of steps Stacklane automatically takes to protect your application and data.
Content Security Policy (CSP) is a security standard that helps prevent common techniques for cross-site scripting (XSS), clickjacking, and other code injection attacks. A CSP header allows a site to declare trusted sources of its content (scripts, styles, images, fonts, etc.).
All HTML served by Stacklane uses a Content Security Policy (CSP). Instead of later revisiting an application to add on a policy, Stacklane makes using a Content Security Policy easy through a combination of automatic behavior and custom declarations.
All model data hosted with Stacklane is encrypted at rest. Data is replicated and redundantly stored across multiple geographic regions, so it can withstand the loss of entire regions and remain available without data loss.
Stacklane requires that all server-to-server code connecting to remote third-party APIs use our secure key vault. This encrypted vault is one-way: administrators may add keys to it, but from then on keys are only used in server-to-server communications.
This approach ensures that third-party usernames, passwords, credentials, and tokens are not stored in source code, since they are unusable from within the source code itself.
For user login functionality, Stacklane requires the use of trusted third-party providers. This ensures that users do not need to remember and manage yet another password, and also simplifies your application: there is no need to provide "remember my password", "change password", or "change username" options, since these are instead the responsibility of the identity provider.
Accepting content created by users is challenging enough. Stacklane ensures that all incoming data is sanitized. For uploaded images, unsafe content is automatically detected and blurred.