Pankesh
Security

Security controls matched to each project.

We apply practical safeguards based on the product, data involved, hosting environment, and agreed scope.

Security controls

Infrastructure

Hosting controls and network protection depend on the selected deployment environment.

Application

Supported APIs use validation, session protections, CSRF checks, and abuse controls.

Identity

Role-based access and session handling are implemented where the product requires accounts.

Data

Access is limited to what the service needs, with backup options defined by the hosting plan.

Monitoring

Operational logs and admin audit trails are used where they are available in the product.

People and process

Project access is limited to team members who need it for delivery or support.

Engineering practices

  • Input validation for public forms and APIs
  • CSRF protection for state-changing API requests
  • Rate limiting and duplicate-submit protection
  • Secure session cookie configuration
  • Role checks for administrative endpoints
  • Dependency and code review during delivery
  • HTTPS configuration for production
  • Security scope documented before launch

Report a vulnerability

Send the affected URL, clear reproduction steps, and your contact details. Do not include sensitive customer data.