Scope and purpose:
- All employees involved in the maintenance and optimisation of the ratemyservice.co.ke platform including system design, specifications development, and system implementation.
- These standards govern how we build and maintain our platform in an optimal, secure and controlled manner and according to industry best practices.
- The standards ensure that data remains accurate, consistent and trustworthy, and cannot be modified or tampered with by unauthorised parties.
Input Validation
- Validate and sanitize all user input server-side to prevent malicious input (such as SQL injection) from corrupting our system or altering data. Client-side checks are a usability aid only and can be bypassed, so every database query must use parameterised statements rather than string concatenation.
- Validate and sanitize all incoming requests at API endpoints.
- Use allowlisting (accept only values that match a known-good format or set) for input validation instead of denylisting (rejecting known-bad patterns), which attackers bypass with encodings and variants.
- Implement Cross-Site Request Forgery (CSRF) tokens on every state-changing request and bind each token to the user's session, so that a request forged from another site is rejected. CSRF tokens do not prevent cross-site scripting; that is addressed separately by output encoding and a Content Security Policy.
- Enforce authentication and authorisation in middleware on protected routes, and fail closed: on a missing session redirect to login, on a validation or authorisation error return a generic error response, and never expose stack traces or partially written data.
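The controls above, worked through in one runnable Python example. This is an added illustration and not code from the ratemyservice.co.ke platform; the review payload fields (business_id, rating, comment, sort), the in-memory SQLite table with two sample rows, and the request/response dicts are constructed for the demo, and the `require_session` middleware is hypothetical. It shows allowlist validation of a payload, an injectable query beside its parameterised form, a session-bound HMAC CSRF token, and a route wrapper that fails closed.

```python
import hashlib
import hmac
import re
import secrets
import sqlite3

# Allowlist patterns: describe what a field MAY look like (hypothetical review payload).
BUSINESS_ID_RE = re.compile(r"[0-9]{1,10}")
COMMENT_RE = re.compile(r"[\w .,!?'-]{1,500}")
SORT_FIELDS = {"created_at", "rating"}  # only these column names may ever reach a query


def validate_review(payload):
    """Server-side validation: returns a cleaned dict or raises ValueError listing every problem."""
    errors = []
    business_id = str(payload.get("business_id", ""))
    if not BUSINESS_ID_RE.fullmatch(business_id):
        errors.append("business_id must be 1-10 digits")
    rating = payload.get("rating")
    if isinstance(rating, bool) or not isinstance(rating, int) or not 1 <= rating <= 5:
        errors.append("rating must be an integer from 1 to 5")
    comment = str(payload.get("comment", "")).strip()
    if not COMMENT_RE.fullmatch(comment):
        errors.append("comment is empty, too long, or has disallowed characters")
    sort = payload.get("sort", "created_at")
    if sort not in SORT_FIELDS:
        errors.append("unknown sort field")
    if errors:
        raise ValueError("; ".join(errors))
    return {"business_id": int(business_id), "rating": rating, "comment": comment, "sort": sort}


def setup_db():
    """Constructed in-memory table with two sample reviews for the injection demo."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE reviews (id INTEGER PRIMARY KEY, business_id INTEGER, comment TEXT)")
    conn.executemany("INSERT INTO reviews (business_id, comment) VALUES (?, ?)",
                     [(1, "Great service"), (2, "Very slow")])
    conn.commit()
    return conn


def reviews_unsafe(conn, business_id):
    # VULNERABLE: the value is spliced into the SQL text, so "1 OR 1=1" rewrites the query.
    return [r[0] for r in conn.execute(
        f"SELECT comment FROM reviews WHERE business_id = {business_id}")]


def reviews_safe(conn, business_id):
    # Parameterised: the driver binds the value; it is never parsed as SQL.
    return [r[0] for r in conn.execute(
        "SELECT comment FROM reviews WHERE business_id = ?", (business_id,))]


CSRF_KEY = secrets.token_bytes(32)  # assumption: in production this comes from secret configuration


def issue_csrf_token(session_id):
    """Token bound to the session by HMAC, so a token captured from one session is useless for another."""
    return hmac.new(CSRF_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def verify_csrf_token(session_id, token):
    expected = issue_csrf_token(session_id)
    # Constant-time comparison; str(token) copes with a missing or non-string form field.
    return hmac.compare_digest(expected.encode(), str(token).encode())


def require_session(handler):
    """Hypothetical middleware: protected handlers run only with a session; otherwise fail closed."""
    def wrapped(request):
        session_id = request.get("session_id")
        if not session_id:
            return {"status": 302, "location": "/login"}
        if request.get("method") == "POST" and not verify_csrf_token(session_id, request.get("csrf", "")):
            return {"status": 403, "body": "invalid CSRF token"}
        try:
            return handler(request)
        except ValueError as exc:
            # Validation failure: a 4xx with the reasons, never a stack trace or a partial write.
            return {"status": 400, "body": str(exc)}
    return wrapped


@require_session
def post_review(request):
    clean = validate_review(request.get("json", {}))
    return {"status": 201, "body": clean}
```

Passing the string "1 OR 1=1" to `reviews_unsafe` returns every row; the same string passed to `reviews_safe` returns nothing, because the driver compares the column to a literal text value instead of executing it. The `sort` field is the one place a validated value is later used as an identifier, which is why it is checked against a fixed set rather than a pattern.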
Database Integrity
- Store databases in subnets that are not directly accessible from the internet, reducing exposure to threats.
- Use database constraints (NOT NULL, UNIQUE, CHECK) and foreign keys to enforce referential integrity, so that orphaned or out-of-range records cannot be written even when application code is bypassed. Access to object properties is an authorisation concern and must be enforced in application code on every request; the schema cannot do that.
- Normalize tables to remove redundancy, so each fact is stored once and copies cannot drift apart, and minimise database round-trips by batching queries.
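A runnable illustration of the constraint rules, added here and not taken from the platform's schema. The businesses/reviews tables and the single sample business are constructed for the example. It shows a foreign key with ON DELETE RESTRICT and CHECK constraints rejecting bad writes at the database layer, an audit query for orphaned rows, and the SQLite-specific caveat that foreign keys are not enforced unless `PRAGMA foreign_keys = ON` is set on each connection (the `enforce_fk` flag exists only to demonstrate that difference).

```python
import sqlite3

# Constructed schema: a review must point at an existing business and carry a sane rating.
SCHEMA = """
CREATE TABLE businesses (
    id   INTEGER PRIMARY KEY,
    name TEXT NOT NULL UNIQUE
);
CREATE TABLE reviews (
    id          INTEGER PRIMARY KEY,
    business_id INTEGER NOT NULL REFERENCES businesses(id) ON DELETE RESTRICT,
    rating      INTEGER NOT NULL CHECK (rating BETWEEN 1 AND 5),
    comment     TEXT    NOT NULL CHECK (length(comment) BETWEEN 1 AND 500)
);
"""


def open_db(enforce_fk=True):
    conn = sqlite3.connect(":memory:")
    # Caveat: SQLite ignores REFERENCES clauses unless this pragma is set per connection.
    # Other engines enforce them by default; the OFF branch only shows what goes wrong.
    if enforce_fk:
        conn.execute("PRAGMA foreign_keys = ON")
    else:
        conn.execute("PRAGMA foreign_keys = OFF")
    conn.executescript(SCHEMA)
    conn.execute("INSERT INTO businesses (id, name) VALUES (1, 'Sample Cafe')")
    conn.commit()
    return conn


def add_review(conn, business_id, rating, comment):
    """Returns True if the row was accepted, False if a constraint rejected it (transaction rolled back)."""
    try:
        with conn:
            conn.execute("INSERT INTO reviews (business_id, rating, comment) VALUES (?, ?, ?)",
                         (business_id, rating, comment))
        return True
    except sqlite3.IntegrityError:
        return False


def delete_business(conn, business_id):
    """ON DELETE RESTRICT: a business with reviews cannot be deleted, so reviews never dangle."""
    try:
        with conn:
            conn.execute("DELETE FROM businesses WHERE id = ?", (business_id,))
        return True
    except sqlite3.IntegrityError:
        return False


def review_count(conn):
    return conn.execute("SELECT COUNT(*) FROM reviews").fetchone()[0]


def orphan_reviews(conn):
    """Integrity audit: reviews whose business no longer exists. Should always be 0."""
    return conn.execute(
        "SELECT COUNT(*) FROM reviews r LEFT JOIN businesses b ON b.id = r.business_id "
        "WHERE b.id IS NULL"
    ).fetchone()[0]
```

With enforcement on, a review for a non-existent business, a rating of 7, or an empty comment is refused by the engine regardless of what the application layer did. With the pragma off, the orphan insert succeeds silently and only the audit query reveals it, which is why the audit query belongs in monitoring as well.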