Web Development

Question

A new way to secure the app?

By bryanvieta ·
Currently, I'm working on a web app for the finance company that runs on just LAN. My client wants me to be innovative when it comes to web security. I have developed the app with node.js and react.js.

I have already used Bcrypt to hash passwords. My client wants something more to enhance security. I have no idea what to answer him. I will be grateful if you could just share something on this!
Thread display: Collapse - | Expand +

All Answers

Collapse -

Let's define "new."

by rproffitt Moderator In reply to A new way to secure the a ...

New would be concepts new to those that asked.

As to security, that's a topic we could go on and on.

The story so far is that there is a balance of security and ease of use. Since I don't know all the company, app and more security requirements (did they provide requirements either in PDF, documents or other hard form?) I can't tell how far you must go.

How about this. Beyond Bcrypt, maybe two factor logins and access. That is, when someone logs in, a text or message is sent to "the big cheese." Or to get to a deed two factor, the boss must press some ALLOW ACCESS button on each login.

Full disclosure. I know about some finance companies. Not all but in the case of those that refi they usually are fine with basic security and anything that slows down the process is never accepted without a lot of pushback.

Collapse -

Reply

by bryanvieta In reply to Let's define "new."

As I mentioned above that this app is going to be running on LAN (local area network).

So, I proposed my client to ask computer networking administrator to set up firewall on the server. Let's see what he says. He is one **** of a tech geek, he is irritating but a great mind. Its going to be difficult for me to convince him.

Meanwhile, I'm going to do some research on two factor logins and access. Thanks for your help!!

Collapse -

The firewall.

by rproffitt Moderator In reply to Reply

I hate to write this but the security there is "not so good" as most attacks are from within and not from a direct attach from the web.

Remember I can't guess your system. You might have SQL (MySQL for most) and that can have it's own security such as only allowing only access from specific IP. Nod to old discussions such as https://stackoverflow.com/questions/13208614/restricting-mysql-connections-from-localhost-to-improve-security

Sorry for the typo above.

Collapse -

Sulotion

by bryanvieta In reply to The firewall.

I'm using not using SQL db but I'm using Mongodb, it works great with Express. I just found a few more security measures for it:

- I can make Mongodb accept incoming requests from one particular port
- I can use wiredtiger encryption at rest. With this, mongodb will encrypt all incoming data and protect with file-system permission.

Along with that, my client has come up with another solution:

- We will convert sensitive information to hash into binary and then save it to database, when a user wants that information, it will convert binary to hash and then descrypt like this website: https://binarytotext.net I just scrapped this website, there is just a few lines of code to develop a binary translator. They are using bignumber.js javascript library to deal with the large incoming data and convert to binary.

I hope this will help users who are looking for the security of their app..:)

Collapse -

Application security best practices

by sparity In reply to A new way to secure the a ...

1.Get an application security audit.
2.Implement proper logging.
3.Use real-time security monitoring and protection.
4.Encrypt everything.
5.Harden everything.
6.Keep servers up to date. ...
7.Keep software up to date.

Related Discussions

Related Forums