Preventing XSS, CSRF, and other malicious data entry is a primary priority, so data is validated and scrubbed before it is written to the database. The system checks that user-entered data (and even the form fields themselves) match prescribed, expected formats and values. Tokens are injected into each form as it is generated to protect against potential CSRF attacks. The database abstraction layer performs additional security checks on data as it is written to and retrieved from the database. This is, of course, limited to the platform's configurable features and relies on customer discretion when creating content and selecting access and configuration rules. Stacks considers the data within the customer's dedicated instance the property of the customer; we have strict policies regarding data access and therefore do not proactively monitor client elections, uses, or content.
Anonymous experiences, particularly in library environments with no PII, may lead to customer elections and uses that allow low-risk vulnerabilities that are unlikely to result in any harm. These can largely be mitigated by restricting access to authorized users. In cases where even low-risk vulnerabilities must be 100% prevented, such as use cases involving PII or sensitive or proprietary content being stored, premium subscriptions tailored to customer policy are available that meet the world's most stringent standards. Many Fortune 500 companies and governments around the world choose Stacks to meet these most stringent use cases.
Should you detect an incident, please notify us immediately in support of our shared responsibility model. We also offer consultative services should you wish to seek advice on meeting your internal policies; this may include network security, access controls, system configuration, implementation analysis, and more. Please see our SLA and Terms of Service, which outline our commitment under our standard subscription service. It is our pleasure to serve you and your users.