Scope and purpose:

• All employees involved in the maintenance and optimisation of the ratemyservice.co.ke platform including system design, specifications development, and system implementation.
• These standards govern how we build and maintain our platform in an optimal, secure and controlled manner and according to industry best practices.
• The standards ensure that data remains accurate, consistent and trustworthy, and cannot be modified or tampered with by unauthorised parties.

Input Validation

• Validate and sanitize all user input server-side to malicious inputs (like SQL injections) from corrupting our system or altering data.
• Validate and sanitize all incoming requests at API endpoints.
• Use whitelisting techniques for input validation instead of denylisting.
• Implement Cross-Site Request Forgery (CSRF) tokens to manage sessions and prevent cross-site scripting attacks.
• Use middleware on protected routes and ensure proper error handling and redirects.

Database Integrity

• Store databases in subnets that are not directly accessible from the internet, reducing exposure to threats.
• Use database constraints and foreign keys to enforce referential integrity and prevent unauthorized access to object properties.
• Minimize database calls and normalize tables to prevent redundancy.