Security is a priority for us. We want to keep users of the sites created and organisations using the software safe from computer viruses, data theft, and phishing attacks.
- No need to use CDN
The application handles performance and storage of data. - SBOM available
At Cradle CMS we work with SBOMs as a way to increase security and as a part of software supply chain risk management. - Self-managed hosting
Hosting is under your control, on a cloud service, on premise or a mixture. - Low on dependencies
Security is not better than the weakest link, we keep track of security breaches and limit dependencies and unknowns. - Access Control
Roles with different level of permissions. Human errors are considered to be a weak link for security and limiting privileges to only those who need them reduces the risks considerably. - Multi-server setup possible
The system can be installed with three separate images; admin, front-end and backend, making it possible to secure admin behind a firewall. - Content Security Policy (CSP)
CSP is a security feature that helps prevent cross-site scripting (XSS) attacks and other code injection attacks. It allows website owners to specify which sources of content are allowed to be loaded on their site, such as scripts, stylesheets, and images. - SSL-certificates
Supports automatic https certificates from Let’s Encrypt and other ACME compliant providers. - Form input validation
Form input validation is a security feature that helps prevent attacks, it checks user input for malicious code or invalid data before processing it. - Structured logging
Logging and monitoring are important security features that can help detect and respond to security incidents. They involve keeping track of user activity and system events, and analyzing them for signs of suspicious behavior.