Application Architecture and Security

1. TIERED APPLICATION ARCHITECTURE

The Encoding.com web application is multi-tiered into logical segments (front-end, mid-tier and data), each independently firewalled from each other. This ensures maximum protection while giving our developers the flexibility of a multi-layer architecture.

2. INDUSTRY STANDARD PROGRAMMING TECHNIQUES

At Encoding.com, we leverage industry-standard programming techniques, such as having documented development and quality-assurance processes and also following guidelines such as the OWASP ESAPI library to ensure that the applications meet security standards. In addition, all our code is peer reviewed prior to being released to QA, which ensures the engineering lead of each portion of the platform has approved any requested change to the platform.

3. APPLICATION TESTING

At Encoding.com, all application changes undergo both automated and manual testing, including full functional testing in a QA environment, and full performance testing in a staging environment before final deployment into production. Automated deployments are blue-green in nature, including a full regression test on the candidate environment, before traffic is moved between the old and new commit. This thorough testing process ensures that if anything fails during any step, the production system is not compromised.

4. VULNERABILITY TESTING

At Encoding.com, web application security is evaluated continuously by the Security & Risk Management team in sync with the application release cycle. This vulnerability testing includes the use of commonly known web application security toolkits and scanners to identify application vulnerabilities before they are released into production. Encoding.com also leverages external 3rd parties for periodic vulnerability assessments and penetration testing, ensuring our environment is secure and web transactions can occur with minimal risk to evolving threats.