Skip to main content

Security

Security designed into the system

Controls are selected for each application’s users, data, risk and operating environment.

Threats, trust boundaries, access roles, sensitive data and failure modes are considered during discovery and architecture.

Validation, least privilege, secret isolation, secure browser policy and auditable server behaviour are applied where relevant.

Deployment, rollback, logging, backup, monitoring and incident responsibilities are documented for the engagement.

Responsible reporting

Report a security concern

Email admin@workroot.in with “Security report” in the subject. Avoid including personal data beyond what is needed for initial triage.