RESPONSIBILITIES OF AN APP DEVELOPER IN ASPECTS OF SECURITY

By

 RESPONSIBILITIES OF AN APP DEVELOPER IN ASPECTS OF SECURITY

1 Afroze Gul 2 Dr. Muhammad Naeem

Laureate Folks International

ERC, PAKISTAN

https://laureatefolks.blogspot.com

laureatefolks@gmail.com, WhatsApp: +923334446261

1. Authentication

Authentication identifies that whether the credentials of the user match the credentials in the database, and it is essential for the app developers to give it its due consideration.  The process of authentication also determines access to a server through a user name and password, cards, retina scans, voice recognition, or fingerprints. This is how servers authenticate and identify who is accessing the information of the site or server. This process is done at the start of the application. Authentication is also done through clients. In this case, the server certifies that it belongs to a certain entity. It is certified through a trusted third party (Verisign or Thawte). If the app developers do not give due importance to authentication, they are, surely, going to face problems later due to a lack of a high-level authentication mechanism. It can lead to a number of security issues. To avoid security problems, app developers must focus on user authentication. Cybercriminals can easily enter into a system to gain information if authentication is not of a high level. Therefore, it is essential for an application to have a strong password policy to prevent it from being decoded. App developers should also consider multi-factor authentication, which is pulled off through e-mails, OTP, biometrics, or authentication code.

1.1. Methods to Implement Authentication

       Password-based authentication- The password of the user is matched by the value in the password file of the system. The vulnerabilities of this method can be encountered by factors prompting a minimum length of the password, as well as the usage of capital letters and symbols.

       Two-factor authentication (2FA)- In addition to the password, this method requires the user to provide a verification code. This code is sent to the registered number or email through SMS or mail.

       Multi-factor authentication (MFA)- In this method,  the user has to authenticate through fingerprint or facial recognition.

       OTP- a numeric or alphanumeric key, which is generated automatically to authenticate a user. It is called a one-time password (OTP),  as it is only valid for one login session.

       Three-Factor Authentication (3FA)- This method uses three steps to authenticate: a knowledge factor (password), a possession factor, and an inherence factor.

       Biometrics- often a part of 2FA or 3FA- include fingerprint, facial, retina, or voice recognition. Sometimes, authentication is solely dependent on biometrics.

       Mobile Authentication-This include MFA. It allows the users to authenticate through their devices.

       Application Programming Interface (API)- It involves HTTP basic authentication, API keys, and open authorization.

2. Authorization

It is a process that helps the server to identify whether the client is permitted to access the files or resources of the server or not. It is closely linked with authentication. Authentication verifies the credentials, whereas authorization grants or denies access to the user. Authorization is also called access control or client privilege. Through this process, a user may or may not be permitted to download a particular file or to access a specific administrative resource. Authorization is specific, as it may permit the client to access one file but may not allow accessing the other one on the same server. Besides, security teams maintain settings to make authorization work. The data is moved through an access token.

3. Security Auditing

Auditing- a cyber-security assessment strategy- is essential for securing the physical configuration and software of the system. It also secures information handling processes and user practices. It is essential for getting along with the regulations that specify how companies should deal with the information. Auditing involves vulnerability assessments and penetration testing. Vulnerability assessments focus on finding vulnerabilities in a security system. Additionally, penetration testing includes a test done by a security expert. It analyzes whether the security system can hold out against a particular attack or not. A good security audit plan must be repeatable and easy to update. The involvement of stakeholders should be emphasized for the best results. It is imperative to note that security auditing helps to analyze security vulnerabilities and gaps to improve the security of the application or the system. Therefore, security auditing is a must for protecting the networks and devices. It also prevents data breaches, data leaks, and criminal interference and identifies whether the current security strategy is working or not.

4. Inter-Process-Communication (IPC)

It allows the system to manage the shared data. IPC involves programming interfaces. It permits a programmer to synchronize and coordinate activities securely. IPC may include coordination between applications or coordination between procedures in a multi-process application.

 Security Management by the Monolithic FGTO Application

The monolithic FGTO application-a Java and Spring Boot application- has many modules, which handle security. These modules manage FGTO order service, FGTO consumer service, FGTO restaurant service, FGTO restaurant service, FGTO courier service, FGTO domain, FGTO common (money and address). The delivery management and order management of the monolithic FGTO manage the schedules of deliveries.

This is Muhammad Naeem; a Ph.D. Scholar; born in Lahore Pakistan; a Professional Online Tutor in Business Education (Marketing & Management Courses), a Creative Non-Fiction Writer (Blog posts, Articles, Web Contents, Social Media Content Writing, Biographies, and Autobiographies, etc.), An Editor, Proofreader, Digital Marketing Specialist, and a passionate learner in learning new skills. He has obtained his graduation degree in Commerce from “Hailey College of Commerce”, and MBA (Marketing) from "Institute of Business Administration", University of the Punjab Lahore, Pakistan. He has also obtained a Master of Philosophy (MPhil) in Business Administration with a thesis in Marketing from the National University of Modern Languages (NUML) Lahore, Pakistan. Moreover, He is having exposure to the traditional experience of more than one decade in academia and industry. He believes in self-learning, acquiring new skills, and a passion to contribute something to make this world a better place. Regards,

Comments

Post a Comment

Popular Post

Performance Appraisal and Employee Motivation

By
Image
                                          Performance Appraisal and Employee Motivation 1 Sadia Malik Awan 2 Dr. Muhammad Naeem 1 University of Central Punjab 2 Laureate Folks International ERC, Pakistan https://laureatefolks.blogspot.com laureatefolks@gmail.com , WhatsApp: +923334446261       1.       INTRODUCTION Performance appraisal is a vital part of human resource studies. It is the key factor that measures segments for the motivation of an employee in any organization. The success of any organization depends on the performance of the employee. To align the performance of an employee with the organization’s goal, the process of performance appraisal is crucial.  Human Resources can give a distinct benefit to any organization. (Becker and Huselid (1998)). According to Burden 2010, without employee...
laureatefolks.blogspot.com

Post-Colonial Perspectives on the Novel Ice Candy Man

By
 A Conceptual Research Paper Author Name: Inkisar Ali (English Language and Literature) laureatefolks@gmail.com Post-Colonial Perspectives on the Novel Ice Candy Man   Introduction The scourge of colonialism has had enormous impacts not only on economic, political, historical life but on cultural and social as well. The phenomenon of colonialism reached to almost more than half of the world and since then it has been shaping lives of the people all around in those erstwhile colonies. Bill Ashcroft in his famous book The Empire Writes Back (1989) explains the term post-colonial in these words that post-colonial covers all those who are affected by the imperial process from the moment of colonization to the present day. (p.2). In the same manner the literature written in those erstwhile colonies from the moment of colonization till present day can be regarded as post-colonial literature. It does create some sort of confusion in the post-colonial time frame and there exits ...
laureatefolks.blogspot.com

What are the Genres of Writing?

By
Image
 Dear Laureate Folks, Today, we discuss the Genres of Writing . Let,s Start, There are primarily two genres of writing; Fiction and Non-Fiction . What is Fiction Writing? It is made up of imaginations, self-created stories, day-dreaming where you usually got the ideas through your observation or inspired by reality contents. You simply write by using your sixth sense like vision, touch, hearing, taste, and smell.  Fiction writing includes the followings: 1. Poetry like the sonnet, eulogy, Haiko, Blank Verse, Limerick, Tank, Cinquain, Epic couplet History, narratives, and Meters, etc. 2. Listicles / Fun Writing (Slogans, Taglines, Gingles, Song Writing) 3. Drama (Realistic Characteristics, Imaginations, Develop Characters, Research Literary Archetypes) 4. Novels 5. Science Fiction 6. Real Fiction 7. Myopia Mythology 8. Climate Fiction 9. Comedy Fiction (K rule, Rule of three, Comparison Joke, Funny Anecdotes, memes, jokes, Cliche & Extremities) 10. Slapstick Comedy 11. Cre...
laureatefolks.blogspot.com

Selection of Optimum Supplier through Mathematical Modeling in the Supply Chain

By
Image
                 Selection of Optimum Supplier through Mathematical Modeling in the Supply Chain 1 Kashif Ayaz (Industrial Engineering) 2 Dr Muhammad (Business Administration) 1 University of Engineering and Technology 2 Laureate Folks International https://laureatefolks.blogspot.com laureatefolks@gmail.com , WhatsApp: +923334446261   1            INTRODUCTION Purchasing is one of the most strategic operations in a business since it allows you to cut costs while also improving the quality of the raw materials. Furthermore, effective procurement decisions have a good impact on the manufacturer as well as the overall supply chain. Choosing the best suppliers is a crucial organizational planning decision that has impacts across an organization. Supplier purchases account for a large part of many firms' total costs. There are suppliers and customers in ever...
laureatefolks.blogspot.com

AN INVESTIGATION ON THE REASONING OF HAIR LOSS AND THE ROLE OF VITAMINS

By
          AN INVESTIGATION ON THE REASONING OF HAIR LOSS AND THE ROLE OF VITAMINS                                                                  (An Explanatory Research Essay) Authors: Ms. Iqra Ahmad (Bahauddin Zakariya, University) Mr. Muhammad Naeem (Laureate Folks International) laureatefolks@gmail.com   ABSTRACT The current research study is explanatory in nature to explore the relationship between the use of vitamins and control of hair loss. The researchers aim to explore the role and benefits of using multiple kinds of vitamins to stop hair loss at young ages of life. Because at a young age, personality grooming is directly linked with your personal appearance. Excessive hair loss and baldness ruins people's appearance and...
laureatefolks.blogspot.com