Our Commitment to Web Security

We take the security of your information seriously. Here are some of the general practices and principles we keep in mind to help protect data and ensure a safe browsing experience:

Django's Built-in Security Features

This site is built with the Django web framework, which is written in Python. Django is designed with security in mind and provides several protections against common web vulnerabilities by default.

  • Cross-Site Scripting (XSS) Protection: Django's template system escapes variables by default, converting the HTML-significant characters (<, >, &, and quotes) so that user-supplied text is rendered as text rather than as markup. This prevents injected scripts from executing in visitors' browsers. The protection covers values placed in HTML content and in quoted attributes; a value explicitly marked as safe (the |safe filter or mark_safe), or one placed in an unquoted attribute, inline JavaScript or a URL, is not covered and has to be handled separately.
  • Cross-Site Request Forgery (CSRF) Protection: Django's CsrfViewMiddleware is enabled in new projects by default and rejects state-changing requests (POST, PUT, PATCH, DELETE) that do not carry a token matching the CSRF cookie set for that browser. This stops another site from submitting forms on a logged-in user's behalf without their consent. Our contact form uses this protection.
  • SQL Injection Protection: Django's built-in Object-Relational Mapper (ORM) builds database queries with parameterised placeholders, so user-supplied values are passed to the database driver separately from the SQL text and cannot alter the structure of a query. Raw SQL (Model.objects.raw() or cursor.execute()) is possible but not typically used in standard development; where it is necessary, values are passed as query parameters rather than formatted into the SQL string.
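The three mechanisms just described, as an added stand-alone example that is not Django's own code: it uses only the Python standard library so it runs without a Django project. sqlite3 stands in for the database, html.escape for template autoescaping, and a small synchronizer-token class (CsrfGuard, with a hypothetical in-memory token store) for what CsrfViewMiddleware checks. The sample users table and the payloads are constructed for the example.

```python
"""Stand-alone illustration (not Django code) of the three protections
listed above, using only the Python standard library: sqlite3 stands in
for the database, html.escape for template autoescaping, and a small
synchronizer-token class for what CsrfViewMiddleware checks."""
import html
import hmac
import secrets
import sqlite3


# --- SQL injection: string formatting versus bound parameters -----------

def make_db():
    """Constructed sample table with an ordinary user and an admin."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, is_admin INTEGER)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", 0), ("root", 1)])
    return db


def lookup_unsafe(db, username):
    # VULNERABLE: the untrusted value becomes part of the SQL text.
    sql = f"SELECT username FROM users WHERE username = '{username}'"
    return [row[0] for row in db.execute(sql)]


def lookup_safe(db, username):
    # What the ORM does: the value travels as a bound parameter, so it can
    # never change the structure of the statement.
    sql = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in db.execute(sql, (username,))]


# --- XSS: autoescaping and its limits -----------------------------------

def render_comment(comment, autoescape=True):
    """{{ comment }} with autoescaping on, or {{ comment|safe }} with it off."""
    body = html.escape(comment, quote=True) if autoescape else comment
    return f"<p>{body}</p>"


def render_link_unquoted(href):
    # Escaping alone does not help in an unquoted attribute: the payload
    # needs none of < > & " ' to smuggle in an extra attribute.
    return f"<a href={html.escape(href)}>link</a>"


# --- CSRF: synchronizer token checked on state-changing methods only ----

class CsrfGuard:
    SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}

    def __init__(self):
        self._tokens = {}  # session id -> issued token (hypothetical store)

    def issue_token(self, session_id):
        """Token to embed in the form, like Django's {% csrf_token %}."""
        token = secrets.token_urlsafe(32)
        self._tokens[session_id] = token
        return token

    def check(self, session_id, method, form_token):
        """True if the request may proceed."""
        if method in self.SAFE_METHODS:
            return True  # safe methods must not change state, so no token needed
        expected = self._tokens.get(session_id)
        if expected is None or form_token is None:
            return False
        # Constant-time comparison so timing does not leak the token.
        return hmac.compare_digest(expected.encode(), form_token.encode())


if __name__ == "__main__":
    db = make_db()
    payload = "x' OR '1'='1"
    print("unsafe:", lookup_unsafe(db, payload))   # both rows leak
    print("safe:  ", lookup_safe(db, payload))     # nothing matches
    print(render_comment("<script>alert(1)</script>"))
    print(render_link_unquoted("x onmouseover=alert(1)"))
    guard = CsrfGuard()
    tok = guard.issue_token("session-1")
    print("valid token:", guard.check("session-1", "POST", tok))
    print("forged token:", guard.check("session-1", "POST", "forged"))
```

Running it shows the classic `' OR '1'='1` payload returning every row through the formatted query and nothing through the parameterised one, the script tag rendered harmlessly as text, the unquoted-attribute case slipping past escaping untouched, and the CSRF check accepting only the token it issued for that session.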

General Web Security Principles

Beyond specific form handling, we aim to follow general web security best practices:

Cloudflare security

This site sits behind Cloudflare, whose HTTP DDoS Attack Protection managed ruleset is a set of pre-configured rules that match known DDoS attack vectors at layer 7 (the application layer) on the Cloudflare global network. The rules match known attack patterns and tools, suspicious request patterns, protocol violations, requests that cause large numbers of origin errors, excessive traffic hitting the origin or cache, and other application-layer attack vectors. Cloudflare updates the rules in the managed ruleset regularly and documents changes in its changelog. The ruleset is always enabled; only its behavior (for example the action taken or the sensitivity) can be customized. It also gives increased observability into L7 DDoS attacks mitigated by Cloudflare, so that ongoing or past attacks are visible: the Security Events dashboard, under Security > Events, shows which HTTP DDoS managed rules were triggered most.

Your Role in Security

While we do our part, your security also depends on your own practices:

This page provides a general overview. If you have specific security concerns, please feel free to reach out through our contact form.
