Besides delivering projects on time, it is also our responsibility to make clients aware of the importance of website security. As we do lots of external web application QA testing for our clients in London, we take extra efforts to check and prevent JS and Sql injection, although the possibilities are low with the new and proven development frameworks. The passwords for client are captcha protected to avoid bot logins and admin logins go through a 15 day password change.