Bablab websites' security

Website security goes beyond the sensitivity of the pictures in a portfolio website. Hacked websites might serve attackers to infect its visitors and often get automatically blacklisted and removed from search results. Most chances are that a visitor warned or infected by your site is a lost one.

 

All Bablab websites have SSL/TLS

TLS (Transport Layer Security), and its predecessor SSL are cryptographic protocols that secures communication over computer networks. TLS secures your portfolio website by encrypting the connection between the browser and the web server, preventing unauthorized parties from seeing or altering data in transmission, and protects against impersonation by requiring web server identity (a valid certificate).

  • Subdomain websites (e.g. andy.bablab.com) are covered by Bablab’s wildcard certificate.
  • Websites with connected domain names (e.g. chemallanos.com), are automatically issued a dedicated certificate, free of charge.
We are using Let’s Encrypt certificates, an open certificate authority (CA). Let’s Encrypt is currently the world's second-largest certificate authority, covering more than 144 million unique domains.

Our TLS implementation receives an “A+” rating from Qualys SSL Labs.
Bablab portfolio website on Qualys SSL Labs
Moreover, having HSTS headers (HTTP Strict Transport Security) enabled, forces a secure connection - HTTPS only.

 

Software Security

Our CMS (Content Management System) is a proprietary web application, developed by Bablab with no fingerprint, nor any fingerprinted external resource.
Most CMSs have plugins, themes, modules and integrations which are exposing vulnerabilities to attackers. Maybe one of the most known cases is that of Wordpress plugins and Wordpress themes that continue to be a serious threat in WordPress websites to this day.

 

Content Security Policy

Bablab websites enforce CSP (Content Security Policy), which defines the allowed sources for each type of content (e.g. scripts, images), specifically designed to defend from XSS attacks (cross site scripting). It also controls browser's settings, from sandbox enforcement to the value of HTTP Referer header.

 

Cookies security

Cookies sent by Bablab's web application and Bablab's portfolio websites have the following attributes:

  • Secure - Prevents browsers from sending cookies over an insecure connection.
  • HttpOnly - Prevents client-side scripts to access the cookie by telling browsers to only transmit the cookie over HTTP(S).
  • SameSite - Prevents CSRF attacks by not sending the cookies when the request comes from another website.

Ready to dive in?
Start your portfolio website today.

Bablab websites are fast

A Bablab portfolio website loads in 2 seconds. That’s the fastest loading time on the internet. Having a fast loading website is one of the key elements of modern web presence.

Bablab websites are simple

Website builder is a complex tool that requires some learning. As with any software/application, the more complex the application is - the more time needed to learn it.

Bablab websites are privacy-friendly

All Bablab websites are secured, encrypting the connection between your website and its visitors. This keeps communication safe from malicious third parties. We issue and renew an SSL certificate for each website, for free.

Bablab websites have outstanding SEO

Search Engines Optimization directly affects the amount and the quality of your website visitors. The better optimized your website - the more visitors it has, and more chances for you to be contacted.Here is how Bablab website do so well on search engines.