Security is a complex problem with a fast-changing landscape. Your team should strive to write secure code, but it is often best to rely on third-party specialists to verify your project’s security.

Web Security

For web-based projects, make sure you have a plan to address at least the following common types of security vulnerabilities:

  • SQL Injection
  • Cross-site scripting (XSS)
  • Cross-site request forgery (XSRF)
  • Cross-site script inclusion (XSSI)

Consider implementing a strict Content Security Policy (CSP) for your web-based projects, which helps protect against most XSS attacks.


If your project collects personally identifiable information (PII) from users, features user-created content or user accounts, or is otherwise security-sensitive, consider using a third-party security review of the project.

GDPR Compliance

Instrument works to ensure GDPR compliance on all applicable projects. This is a multi-discipline effort involving development, design, and strategy. Instrument often partners with external experts to ensure that requirements are completely satisfied and that we are aligned across disciplines and over the entire course of a project.

Internal Security

Instrument goes through an annual third-party penetration test to ensure that our networks, systems, and processes are secure, and the results of those tests can be shared with clients.