Summary
Craig Francis is a seasoned website developer with 16 years of experience building web-based systems that prioritize accessibility, security, and performance. Based in Bristol, he designs and maintains production sites that power invoicing, online ordering, reporting, CRM, and support workflows. An active security practitioner, he leads the Bristol OWASP chapter, maintains the WordPress database component, and invented the literal-string technique to eliminate injection vulnerabilities. He was an early adopter of Trusted Types in production and has helped test and resolve issues around CSP, Site Isolation, and SameSite cookies. Comfortable across server, database, and frontend stacks, he combines hands-on engineering with practical security stewardship. Colleagues note his knack for turning tricky security and compatibility problems into reliable, auditable solutions.
16 years of coding experience
5 years of employment as a software developer
John Cabot CTC