The fact is that there are crooks among us. This will never change.
There is an old adage about keeping all your eggs in one basket - don't. The monolith was always going to be a gamble when it came to website security. It's such a yummy target, filled to the brim with goodies. The crook's dream. All assets and user data sitting there behind a massive revolving door that can never be locked. Things coming and going 24/7. If that is your website's architecture - just sit back and hope it isn't your clients' info that gets stolen. That your number never comes up. There are bigger fish, right? Wrong. The data is in and it ain't pretty. Just in the first 9 months of 2019...
Well, we don't have a solution to completely stop theft. What we can do is make their efforts to access your site a useless proposition. Keep nothing of value there. No database, card numbers, user names, etc. Keep all those assets uncoupled and stored separately, not only from your site but from one another. Serve the entire website as static HTML, then go and get the data or service as needed. Will this stop all theft? Sure, on your end, but we are still as vulnerable as the service is... say, Stripe. However, we can spread out risk and have no moving parts on our end. We can uncouple personal data from service. So, if a hacker were to get, say, a card number, they won't get the corresponding name. If they get into your Cloudinary account, you lose a picture or two but not your inventory records. We can mitigate risk. We can leave very little real estate open as endpoints. GraphQL is fantastic at getting only the data needed. Let's try not to put everything on the stagecoach as we travel west. Then we can hope the bandits see a bigger target elsewhere.
If you have any questions on how we can help secure your website, drop us a message.