Spam / Form abuse
IP ban via the Cloudflare dashboard, very effective for individual actors - Honeypot trap, can be added if spam becomes widespread
Security Overview
aerialps.com has a minimal attack surface by design, user data is not stored, there is no authentication system, and no database is directly exposed. Most threats are handled at the infrastructure level by Cloudflare.
Active threat responses
Section titled “Active threat responses”DDoS / Denial of Service
Cloudflare absorbs volumetric attacks automatically. Enable Under Attack Mode in the Cloudflare dashboard if an attack is confirmed.
XSS
Handled at the code level. No user data is re-rendered as raw HTML. Attack surface is minimal as form data goes directly to Web3Forms and is never stored by aerialps.com.
Other Threats
Cloudflare’s inbuilt “Under Attack Mode” can be activated.
We’re in good hands.
AerialPS also maintains a right to refuse service to those breaking the Terms of Service.
OWASP Top 10 - applicability
Section titled “OWASP Top 10 - applicability”Broken Access Control
Not Applicable
No access control exists on the site.
Security Misconfiguration
Handled
Managed automatically by Cloudflare.
Software Supply Chain
Monitor
Requires developer diligence: run npm audit regularly, use LTS versions,
keep dependencies lean.
Cryptographic Failures
Not Applicable
No cryptographic operations on the frontend.
SQL Injection
Not Applicable
No database is exposed on the frontend.
Authentication Failures
Not Applicable
No authentication system.
Data Integrity Failures
Low Risk
Relies on developer diligence and careful dependency management.
Logging & Alerting Failures
Low Risk
Primary impact would be user experience degradation, not a security breach.