Security is the Foundation

As your technology partner, I prioritize the security of your e-commerce. In the era of the NIS2 directive and GDPR, I ensure you don't have to worry about the "backstage". Below you will find a transparent list of procedures, tools, and standards I apply in every project.

1. Infrastructure Security

Your data is only as secure as the hardware it is processed on. I make no compromises regarding digital hygiene.

Hardware & System

I work on dedicated Apple hardware (macOS) with active full-disk encryption (FileVault). In case of theft or loss, your data, source code, and passwords remain mathematically impossible to read.

Identity Management

I apply a rigorous password policy. I use the Bitwarden password manager, generating unique high-entropy character strings. All access to repositories and servers is protected by multi-factor authentication (MFA/2FA).

2. Development Cycle (DevSecOps)

Secure code is created before it hits the production server. My workflow with Laravel and PrestaShop projects is based on isolation and control.

  • Code Repositories (GitHub): Source code is stored in private repositories. Access is secured with 2FA.
  • Secrets Protection: I never commit .env files with passwords to the repository. They are transmitted via a secure channel.
  • Controlled Patch Management: I do not apply updates automatically or "blindly". Impact analysis -> Maintenance window scheduling -> Deployment.

Backup Policy

Data is the currency of your business. I apply a strategy that minimizes the risk of loss in case of server failure or ransomware attack.

  • Cyclical backups (Automation)
  • Enterprise class storage: Backblaze B2 (Off-site)
  • Archive encryption before shipment (AES-256)

3. Incident Response Procedure

When an incident is detected (break-in, critical failure), I launch a proven 5-step procedure to minimize losses.

01. Isolation

Immediate cutoff of infected resources or shutting down the store to stop the attack.

02. Log Analysis

Identification of attack vector and damage scope based on server and application logs.

03. Vulnerability Removal

Patching the vulnerability that enabled the attack (e.g., module update, password change).

04. Restore

Restoring a clean version of the store from a secure, verified backup.

05. Report

Providing information about causes, effects, and preventive steps taken.

4. Ecosystem and Legal Compliance

Security is also about choosing the right partners and clear cooperation rules. I recommend and work exclusively on proven infrastructure that ensures appropriate SLA levels and service separation.

  • Trusted Hosting Partners (Webh, Hostido, Seohost)
  • Non-disclosure Agreements (NDA) as standard
  • No Vendor Lock-in (Code belongs to you)

Legal Note

Information contained on this page constitutes a description of technical and organizational standards applied by Web Berserker Michał Sobczak. Legal requirements regarding specific entities (e.g., key entities under the KSC/NIS2 act) may require individual arrangements and additional data processing entrustment agreements.

Web Berserker
Michał Sobczak

Copyright © 2026 Web Berserker Michał Sobczak | All Rights Reserved