Skip to main content
Constellate

There is nothing to breach.

Most platforms try to secure a fundamentally vulnerable architecture. We removed the architecture. A Nitrosite is a set of static files served from read-only storage behind a content delivery network. There is no server to compromise, no database to exfiltrate, and no admin panel to brute-force. The attack surface is not small. It is absent.

0
Breaches
0
Databases
0
Login endpoints
0
Server runtimes
§ The architecture

Security through elimination.

The conventional approach treats security as an arms race: a vulnerability is discovered, a patch is deployed, and everyone hopes the next one is found before an attacker finds it first. We decline to play that game. Each Nitrosite is pre-built into flat files and published to a read-only object store, then served to the world through an edge firewall and a global cache. The visitor receives static documents and nothing more.

The same discipline runs deeper than hosting. Before a single page is designed, NitroCMS unifies five data sources and hands them to our analysis engine for synthesis. The site is the product of evidence, not improvisation, and its security is a property of the architecture rather than a feature bolted on afterward.

Fig 1. The request path
description
Static files
Pre-built HTML, CSS, and images. No executable code on the origin.
lock
Read-only storage
Immutable object storage with no write access and no upload endpoint. There is nothing to modify.
shield
Edge firewall and CDN
A web application firewall and global cache absorb malicious traffic before it reaches the origin, which is never exposed directly.
person
The visitor
Receives flat files only. Every step between them and your content is read-only.
§ The categories that do not apply

We do not patch vulnerabilities. We prevent them from existing.

When the component that creates an entire class of attack is removed, the attack disappears with it. Eight of the ten OWASP categories are addressed by architecture alone.

OWASP category Why it does not apply Status
Injection No database to query means no query to inject. The entire class of SQL injection cannot occur. Eliminated
Cross-site scripting No dynamic rendering of user input on the server. Pages are pre-built and immutable, with security headers set at the edge. Eliminated
Broken authentication There is no login endpoint, no session, and no credential to steal. Nothing to authenticate, nothing to break. Eliminated
Security misconfiguration No server runtime to harden and no application stack to misconfigure. The surface a misconfiguration would expose does not exist. Eliminated
Sensitive data exposure No database holds client data on the website. TLS 1.3 is enforced on every request, with HTTPS and HSTS applied at the edge. Eliminated
XML external entities No server-side XML parser processes untrusted input. The component that the attack targets is not present. Eliminated
Insecure deserialization No server-side code deserializes data, because there is no server-side code at all. Eliminated
Vulnerable components No plugins and no third-party runtime means no supply-chain risk. The site depends on its own flat HTML, nothing else. Eliminated

OWASP categories addressed by architecture alone: eight of ten. The remaining two are matters of operational discipline rather than the application surface a static site exposes.

§ The attack surface

The standard law firm site versus a Nitrosite.

Typical WordPress site
  • cancel A database, open to injection
  • cancel A server runtime, open to remote code execution
  • cancel A public admin login, open to brute force
  • cancel Dozens of plugins, each an unpatched risk
  • cancel File upload endpoints, open to malware
Nitrosite
  • check_circle No database
  • check_circle No server runtime
  • check_circle No login endpoint
  • check_circle No plugins
  • check_circle Zero attack vectors
§ Defense in depth

Every layer is protected anyway.

The architecture eliminates most threats by design. We add further layers on top, because confidentiality deserves more than a single line of defense.

Edge protection
  • check Web application firewall with OWASP rule sets and rate limiting
  • check Automatic DDoS detection and mitigation
  • check Automated bot and scraper filtering
Transport and encryption
  • check TLS 1.3 enforced on every request
  • check Certificates auto-provisioned and auto-renewed
  • check HTTPS redirect and HSTS headers enforced
Origin and storage
  • check Read-only object storage, no write access
  • check Origin reachable only through the CDN, never directly
  • check Security headers set at the edge
§ The stakes

Why a law firm, in particular.

A law firm holds some of the most sensitive material on the internet: privileged communications, financial records, and the private circumstances clients disclose in confidence. That concentration of confidential information makes a firm a high-value target, and the duty to safeguard it is not merely good practice. It is an ethical obligation.

A compromised website is not only an embarrassment. It can become a matter of professional liability. The most reliable way to protect privileged data on a website is to build a website that holds none and exposes nothing.

The business case, plainly stated

  • database No database means no client records to exfiltrate from the site, and no entire class of injection attack to defend.
  • terminal No server code means no remote execution. You cannot run code on a server that does not exist.
  • verified_user No plugins means no supply-chain risk. The site's security depends on its own flat HTML, and on nothing borrowed.

Verify it for yourself, then write to us.

View the source of any Constellate page. You will find no WordPress, no plugins, and no login. If client confidentiality is how you would like your website to be built, write to us. Four questions. We reply within two business days.