Security and Privacy

Security

  • Validate and sanitize all user input on the client side to prevent malicious input from causing security vulnerabilities.
  • Implement measures to prevent cross-site scripting attacks by sanitizing user-generated content and escaping special characters.
  • If the following string is entered in a field, the rendered output must match the string exactly. This applies both to fields used to create content ("CMS") and to fields visible to end users (e.g. a contact form).
    大スД斬שمن ãó&#<br/><b>"'>#4;öÄü̂&<</b>»«´`1--2_3–‘’“”„‟% ~\"[^]\n\\€ÑÐË;:.
  • Use a Content Security Policy to restrict the execution of scripts and other resources to trusted sources, mitigating code injection attacks.
  • Apply CSRF protection techniques, such as including CSRF tokens, to verify the authenticity of incoming requests and prevent unauthorized actions.
  • Ensure that all communication between the frontend and backend is encrypted using HTTPS to protect data from interception and tampering.
  • Implement secure authentication and authorization mechanisms to verify the identity of users and control their access to resources.
  • Follow secure coding practices to minimize security vulnerabilities, avoid hardcoding sensitive information, and regularly update dependencies.
  • Implement robust error handling and logging mechanisms to securely handle and log errors without exposing sensitive information.
  • Conduct regular security testing, including penetration testing and security assessments, to identify and address vulnerabilities proactively.
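The test-string item above is checked in practice by escaping untrusted text for the HTML context it is written into and confirming that what the browser displays equals the input. The following is an added example, not code from the guideline or from MCH Group; the function names are illustrative and the decoder is a deliberately minimal stand-in for the browser's parser.

```javascript
// Added example, not part of the guideline: HTML-escape untrusted text and
// check that the checklist's test string renders as itself, not as markup.

// The checklist test string as a JS literal. The apostrophe and backslashes
// are escaped here only so the in-memory value equals the characters on the page.
const TEST_STRING =
  '大スД斬שمن ãó&#<br/><b>"\'>#4;öÄü̂&<</b>»«´`1--2_3–‘’“”„‟% ~\\"[^]\\n\\\\€ÑÐË;:.';

// Characters that change meaning inside HTML text or quoted attribute values.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape for an HTML text or attribute context. '&' is escaped along with the
// rest, so fragments such as "&#" in the input cannot form a numeric entity.
function escapeHtml(input) {
  return String(input).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Minimal stand-in for the browser's parser: turn the five entities that
// escapeHtml emits back into characters. A single pass means "&amp;lt;"
// becomes "&lt;" (one level), which is exactly what a browser would display.
function decodeEscaped(escaped) {
  const back = { amp: '&', lt: '<', gt: '>', quot: '"', '#39': "'" };
  return escaped.replace(/&(amp|lt|gt|quot|#39);/g, (_, name) => back[name]);
}

// The acceptance check behind the checklist item: the escaped output must
// contain no raw markup characters, and what the browser shows must equal
// the original input character for character.
function checkRoundTrip(input) {
  const escaped = escapeHtml(input);
  return {
    escaped,
    noRawMarkup: !/[<>"']/.test(escaped) && !/&(?!(amp|lt|gt|quot|#39);)/.test(escaped),
    roundTrips: decodeEscaped(escaped) === input,
  };
}

// Detects whether a string still carries tag-like markup; true for the raw
// test string (it would be parsed as HTML), false once it has been escaped.
function leaksMarkup(input) {
  return /<\/?[a-zA-Z]/.test(input);
}

console.log(checkRoundTrip(TEST_STRING)); // noRawMarkup: true, roundTrips: true
```

Run the same check against every field the guideline names (CMS content fields and end-user forms); a mismatch in `roundTrips` means the input was decoded, truncated or interpreted somewhere between entry and display.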

Privacy

  • Make sure that no sensitive data of any kind of user (system users, subscribers, etc.) is exposed.
  • Follow the guide to GDPR compliance.
  • Where required, provide a cookie banner and links to the disclaimer, data protection notice and imprint, in coordination with MCH Group.