- 2013: All 3 billion Yahoo! accounts compromised. Names, birth dates, phone numbers, and passwords of users were exposed in this huge data breach, which Yahoo! confirmed in 2017.
- 2016: 412 million Friend Finder accounts breached. Usernames, emails, and passwords compromised.
- 2017: Equifax hacked, data from 146 million accounts stolen. Sensitive information like addresses, social security numbers, and driver license numbers were leaked along with names and birth dates.
- 2018: Marriott/Starwood database attacked, over 500 million user accounts compromised. The stolen client data included names, mailing addresses, phone numbers, email addresses, passport numbers, dates of birth, gender, Starwood Preferred Guest loyalty program account information, arrival and departure times, and reservation dates.
Have you ever experienced fraud? A shopkeeper overcharging you, a scammer calling you, or an online store selling you damaged products: these are everyday occurrences, and some people simply go on with their lives without acting against the defrauder. However, when you read the events listed above, you surely didn’t count any of them as minor frauds. Digital security continues to challenge even seasoned experts, and as a developer you have to take it very seriously as well.
Millions of apps and websites go online every year. Very few make it big internationally. The greater the popularity, the greater the security risk. Look at Yahoo!, for example. It’s a huge domain, even after Verizon acquired it. Yet it had security flaws that enabled hackers to steal data. You don’t want to put your users at risk like that. The question is: “How?”
App security begins not after your users start using your app and sharing data with you, but well before that, when you begin to write the code. In this article, we will look at the three important strategies you must adopt to fortify and protect your apps:
- Source Code
- Database
- Network
Protect the Code: Does Programming Language Matter?
Developers, especially those new to the scene, spend a lot of time looking for the most secure coding framework. Every language has security practices that you can learn and then code accordingly. A good app developer is one who adapts to the different languages and their vulnerabilities to write code that resists reverse engineering. Obfuscation software can also help keep the source code from being readily visible.
GitHub has free tools that you can use to scan your code if you’re not that familiar with a language. These vulnerability scans have helped developers rectify flaws faster. Many app development companies also employ automated scanners that check the program as their developers write it. Always use updated code packages to strengthen this protection further.
Protect the Database: How Much Information Are You Storing?
How much user data does your app need to operate? That’s the basic question you have to ask yourself when setting permission requests and in-app forms. A basic utility app does not need as much information as an online payment app requires. If you are collecting sensitive information such as bank account details, identification numbers, and the like, then you have to store the data in a way that doesn’t give an attacker any useful lead even if they manage to breach your database’s security perimeter.
Scrambling the data is a great option that many big companies are now opting for. Hashing with SHA-3 turns the data into a fixed digest that cannot be read back directly. To make it more secure, mix a secret salt in with the data before hashing. You don’t have to scramble everything, just the sensitive bits. This way only the appropriate data is available for market analysis and other purposes. Identities should be protected at all costs.
Where do you store the data? A central storage server seems like a comfortable option, as it is easy to maintain and extract data from. However, your data then becomes a sitting duck for attackers. It’s better to categorize your data according to sensitivity and store each category with encryption appropriate to its sensitivity. For example, you can store only the hashed versions of passwords, instead of the original characters. Secure the data before it leaves your users’ devices.
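The scrambling described above, as an added example that is not the article's own code: sensitive fields are replaced by a salted SHA-3 digest, passwords get a deliberately slow key derivation (scrypt) instead of a plain hash, and non-sensitive fields stay readable. The field names and sample values are constructed.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Added illustration, not code from the original article.
# Field names and sample values used with it are constructed.

def hash_field(value: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Scramble one sensitive field with SHA-3-256 plus a random per-record salt.

    Returns (salt, digest). Store both; the original characters are never stored.
    The salt stops identical inputs from producing identical digests across records.
    """
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.sha3_256(salt + value.encode("utf-8")).digest()
    return salt, digest

def verify_field(value: str, salt: bytes, stored_digest: bytes) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    _, digest = hash_field(value, salt)
    return hmac.compare_digest(digest, stored_digest)

def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Passwords get a slow, memory-hard KDF (scrypt) rather than a plain hash,
    so offline guessing against a leaked table is expensive for the attacker."""
    if salt is None:
        salt = os.urandom(16)
    key = hashlib.scrypt(password.encode("utf-8"), salt=salt, n=2**14, r=8, p=1, dklen=32)
    return salt, key

def verify_password(password: str, salt: bytes, stored_key: bytes) -> bool:
    """Re-derive the key with the stored salt and compare in constant time."""
    _, key = hash_password(password, salt)
    return hmac.compare_digest(key, stored_key)

def scramble_record(record: dict, sensitive_keys: set) -> dict:
    """Scramble only the sensitive fields; the rest stay readable for analytics."""
    out = {}
    for key, val in record.items():
        out[key] = hash_field(val) if key in sensitive_keys else val
    return out
```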
Protect the Network: Is it secure enough to transfer sensitive information?
The best practice when it comes to network security is to encrypt the traffic with end-to-end protection. Use automated checks to inspect the communication, ensuring that every request goes through an HTTPS connection. Your app should not accept untrusted or self-signed certificates. Certificate validation is an essential part of TLS communication.
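The certificate-validation point above in working form, as an added example and not the article's own code: the permissive TLS context that accepts self-signed certificates is shown beside the hardened one, together with two automated checks, one on the context and one on outgoing URLs. The ca_bundle path and the URLs used with it are assumptions.

```python
import ssl
from typing import Iterable, List, Optional
from urllib.parse import urlsplit

# Added illustration, not code from the original article.

def permissive_context() -> ssl.SSLContext:
    """The weak setting the article warns against: accept any certificate,
    self-signed included, and skip hostname checks. Shown only for contrast."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be cleared before verify_mode can be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def hardened_context(ca_bundle: Optional[str] = None) -> ssl.SSLContext:
    """Require a chain to a trusted CA, a hostname match, and TLS 1.2 or newer.
    ca_bundle is an assumed optional path to your own trusted CA file."""
    ctx = ssl.create_default_context(cafile=ca_bundle)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx

def validates_certificates(ctx: ssl.SSLContext) -> bool:
    """Automated check: does this context actually reject untrusted certificates?"""
    return ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)

def non_https_requests(urls: Iterable[str]) -> List[str]:
    """Automated check: return every request URL that does not use https://."""
    return [u for u in urls if urlsplit(u).scheme.lower() != "https"]
```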
There is no scarcity of steps and strategies you can pursue to make your app and website a secure place for your users. However, even with everything you do, someone might still find a loophole somewhere. That is why your code should be easy to patch. Have protocols in place to tackle hacking attempts. To conclude, this is what Neil Armstrong had to say about getting overconfident:
“Well, I think we tried very hard not to be overconfident because when you get overconfident, that’s when something snaps up and bites you.”