All requests are predefined with a specification of parameters, their expected types and validation methods. This makes for a strong first security layer that blocks anything that doesn't looks like a request our app would expect.
Cherrycake implements a CSRF threat detection mechanism automatically integrated into all sensible requests.
Cherrycake can log all attacks and keep track of suspicious IPs, automatically blacklisting clients that have passed a configured threshold.
Cherrycake provides a secure user authentication and session tracking mechanisms using modern password encryption and server-based session data storage.
Thanks to a thorough lifecycle and its modular structure, Cherrycake allows for the easy implementation of new security mechanisms and the improvement of the existing attack detection routines. We encourage you to contribute your suggestions, ideas and security improvements through the official GitHub repository.