Question

  • #2141012

    A new way to secure the app?

    by bryanvieta ·


    Currently, I’m working on a web app for the finance company that runs on just LAN. My client wants me to be innovative when it comes to web security. I have developed the app with node.js and react.js.

    I have already used Bcrypt to hash passwords. My client wants something more to enhance security. I have no idea what to answer him. I will be grateful if you could just share something on this!


All Answers

    • #2419816

      Let’s define “new.”

      by rproffitt ·

      In reply to A new way to secure the app?

      New would be concepts new to those that asked.

      As to security, that’s a topic we could go on and on.

      The story so far is that there is a balance of security and ease of use. Since I don’t know all the company, app and more security requirements (did they provide requirements either in PDF, documents or other hard form?) I can’t tell how far you must go.

      How about this. Beyond Bcrypt, maybe two factor logins and access. That is, when someone logs in, a text or message is sent to “the big cheese.” Or to get to a deed two factor, the boss must press some ALLOW ACCESS button on each login.

      Full disclosure. I know about some finance companies. Not all but in the case of those that refi they usually are fine with basic security and anything that slows down the process is never accepted without a lot of pushback.

      • #2419811

        Reply

        by bryanvieta ·

        In reply to Let’s define “new.”

        As I mentioned above, this app is going to be running on a LAN (local area network).

        So, I proposed that my client ask the computer networking administrator to set up a firewall on the server. Let’s see what he says. He is one **** of a tech geek, he is irritating but a great mind. It’s going to be difficult for me to convince him.

        Meanwhile, I’m going to do some research on two factor logins and access. Thanks for your help!!

        • #2419810

          The firewall.

          by rproffitt ·

          In reply to Reply

          I hate to write this but the security there is “not so good” as most attacks are from within and not from a direct attack from the web.

          Remember I can’t guess your system. You might have SQL (MySQL for most) and that can have its own security such as only allowing access from a specific IP. Nod to old discussions such as https://stackoverflow.com/questions/13208614/restricting-mysql-connections-from-localhost-to-improve-security

          Sorry for the typo above.

        • #2419801

          Solution

          by bryanvieta ·

          In reply to The firewall.

          I’m not using an SQL db; I’m using MongoDB, and it works great with Express. I just found a few more security measures for it:

          – I can make MongoDB accept incoming requests from one particular port
          – I can use WiredTiger encryption at rest. With this, MongoDB will encrypt all incoming data and protect it with file-system permissions.

          Along with that, my client has come up with another solution:

          – We will convert sensitive information to hash into binary and then save it to the database; when a user wants that information, it will convert binary to hash and then decrypt, like this website: https://binarytotext.net. I just scrapped this website; there are just a few lines of code to develop a binary translator. They are using the bignumber.js JavaScript library to deal with the large incoming data and convert to binary.

          I hope this will help users who are looking for the security of their app. :)
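
Binary text conversion of the kind mentioned in the post above is an encoding that can be reversed from the stored value alone, while authenticated encryption requires the key and rejects modified data. The following Node.js code is an added example, not code from the thread or from the linked site; the function names, the sample record and the `iv | tag | ciphertext` storage layout are assumptions.

```javascript
// Added example: binary text encoding vs. keyed, authenticated encryption.
const crypto = require('crypto');

// Binary "translation": every byte becomes eight 0/1 characters.
function toBinaryText(str) {
  return Array.from(Buffer.from(str, 'utf8'),
    (b) => b.toString(2).padStart(8, '0')).join(' ');
}

// Reversing it needs no secret, only the stored value.
function fromBinaryText(bits) {
  return Buffer.from(bits.split(' ').map((b) => parseInt(b, 2))).toString('utf8');
}

// AES-256-GCM field encryption. Stored layout (assumed): iv | tag | ciphertext.
function encryptField(plaintext, key) {
  const iv = crypto.randomBytes(12); // fresh nonce for every value
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64');
}

// Throws if the key is wrong or the stored value was modified.
function decryptField(blob, key) {
  const raw = Buffer.from(blob, 'base64');
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
  decipher.setAuthTag(raw.subarray(12, 28));
  return Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()])
    .toString('utf8');
}

function canDecrypt(blob, key) {
  try { decryptField(blob, key); return true; } catch (e) { return false; }
}

// Constructed sample record and a throwaway key (a real key lives outside the DB).
const SAMPLE = 'acct=0012345678;balance=1500.00';
const key = crypto.randomBytes(32);
const stored = encryptField(SAMPLE, key);

console.log(fromBinaryText(toBinaryText(SAMPLE)) === SAMPLE);  // recovered, no key
console.log(decryptField(stored, key) === SAMPLE);             // recovered with key
console.log(canDecrypt(stored, crypto.randomBytes(32)));       // wrong key rejected
```
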

    • #3939079

      Application security best practices

      by sparity ·

      In reply to A new way to secure the app?

      1. Get an application security audit.
      2. Implement proper logging.
      3. Use real-time security monitoring and protection.
      4. Encrypt everything.
      5. Harden everything.
      6. Keep servers up to date. …
      7. Keep software up to date.
    • #3974734

      7 Web Application Security Best Practices

      by Upendra Patel ·

      In reply to A new way to secure the app?

      Security is a big issue for web development. There are many practices to follow to make your application more secure. Here’s a list of the seven most crucial web app security practices you should follow every time you develop a web application.

      7 Web Application Security Best Practices

      1. Carry Out A Full-Scale Security Audit
      2. Ensure Your Data Is Encrypted
      3. Implement Real-Time Security Monitoring
      4. Follow Proper Logging Practices
      5. Continuously Check For Common Web Application Vulnerabilities
      6. Implement Security Hardening Measures
      7. Carry Out Regular Vulnerability Scans and Updates

      For More Information Check This Article: https://www.tristatetechnology.com/blog/best-security-practices-for-a-web-application/

    • #3976951

      Reply To: A new way to secure the app?

      by ArhamSoftPvtLtd ·

      In reply to A new way to secure the app?

      Show an app chooser.
      Apply signature-based permissions.
      Disallow access to your app’s content providers.
      Use SSL traffic.
      Add a network security configuration.
      Create your own trust manager.
      Use HTML message channels.
      Check availability of storage volume.
