We believe in a secure web, made by secure applications.
We offer advanced security features to protect against common attacks.
Hanami implements synchronized tokens against Cross-Site Request Forgery (CSRF), automatic HTML escaping to prevent Cross-site Scripting (XSS), a clear database API to avoid SQL Injection, Content-Security-Policy to stop untrusted assets to be loaded by you customer's browser, and other features.
We actively ship security improvements and assess for new vulnerabilities.
Reporting a vulnerability
If you find a vulnerability, please be responsible and do not share it publicly. Instead, please contact us: