Secure Development & Data Protection

Security and data protection are not optional extras. I design and build .NET applications with a security-first mindset, following OWASP guidelines and aligning with your organisation’s data protection obligations, including GDPR.

The aim is to reduce risk without making systems unusably complicated for your staff or customers.

Secure development practices

• HTTPS everywhere, with modern TLS configuration and certificate management
• Defence against common web vulnerabilities (SQL injection, XSS, CSRF, etc.)
• Parameterised database access and careful handling of user input
• Role-based access control and least-privilege permissions
• Secure password storage with appropriate hashing and salting
• Regular framework and dependency updates to reduce known vulnerabilities
• Logging and audit trails for sensitive actions

Data protection & privacy

I support SMEs in putting sensible, proportionate data protection controls around their custom systems:

• Understanding what personal data is stored and where
• Implementing data retention and deletion routines in SQL Server
• Supporting subject access requests and data export in a practical way
• Enabling data correction and right-to-erasure features where appropriate
• Ensuring logging doesn’t inadvertently leak sensitive data