Security

Marketpath takes security very seriously. Our system is decoupled which means the management backend is completely separate from the live website front end. You don’t have to worry about hackers taking advantage of outdated and insecure plugins.

Every data operation in the management portal (i.e. create, get, update, trash, publish, etc) is processed through our API Service layer and authorized in real-time. All user sessions operate over a secure connection and timeout after one hour of inactivity.

Our entire infrastructure operates within private virtual networks and is only accessible to authorized users & groups from within authorized networks. We use the Microsoft Azure Cloud Computing Platform which has a highly secure virtual and physical cloud foundation.

In addition to a decoupled and secure infrastructure, Marketpath provides a strong security posture by default on all sites and makes it easy for web developers to customize and improve on that security posture with as little effort as reasonably possible:

• No custom code is run on the live server, ever. Custom server-side scripts sound great until they unintentionally introduce potential security gaps.
• Configurable Strict-Transport-Security headers in as little as 2 clicks. This header prevents attacks from potentially routing traffic over insecure protocols.
• Configurable session cookies - typically used to store user preferences such as cookie permissions - automatically inherit security settings from the domain to prevent attackers from stealing session information through tactics such as domain or other traffic manipulation.
• Ability to set additional security headers - such as Content-Security-Policy - to custom values using built-in Marketpath Liquid Markup. These additional security headers have the potential to dramatically increase your client security but must be set to custom values on each site which makes having a flexible and secure content management system that much more valuable to your security posture.