Skip to main content

Securing web app

 

  • Use HTTPS - stops "man in middle" attack
  • Use load balancer - control internal vs external applications
  • Input validation mandatory. 
  • 2-factor authentication
  • Restrict failed attempt to avoid malicious logins
  • Captcha to avoid the bot.
  • a session should have timeout based on application criticality
  • re-verify login for critical data access 
  • Limit access rate to stop Denial of service attack. 
  • prevent SQL injections     ("select * from students where student_name =" + name + ";")
  • Encrypt data on 3rd party storage 
  • Hash the passwords 




Comments

Post a Comment

Popular posts from this blog

[PUZZLE] ELEPHANT AND BANANA PUZZLE

A merchant has bough some 3000 banana from market and want to bring them to his home which is 1000 km far from Market. He have a elephant which can carry maximum of 1000/- banana at time. That could have been easy but this elephant is very shrewd and he charges 1 banana for every one kilometer he travel. Now we have to maximise number of banana which should reach to home. Solution: At present we are at 0th km with 3000 banana and elephant. Lets see if elephant have to shift all the 3000 banana and elephant by 1 km. For 1 km shift: Take first 1000 banana and drop at 1st km. 2 banana consumed. One banana each for to and fro. Second  1000 banana and drop at 1st km. 2 banana consumed. Third 1000 banana and reach at 1st km. 1 banana consumed. So all in all total 5 banana will be consumed if we shift a kilometer. But that's not all, our total banana number are also reducing so we may have to reduce the number of turns too. And this will happen once we have reduced the b...
Post a Comment
Read more

Multi Factor Authentication

How to make sure User A is User A as he claims, not User a. Our old movies smugglers can teach us a few tricks here. There are multiple levels or factor of authentication. 1. First Factor - Something you only know. It's like a secret pin, key, pattern or password.     In the old movie, there used to be a secret code between smugglers.  Parties involved in the transaction only knows this secret code. 2. Second Factor - Something you only own. It's like the ATM card, phone, device or OTP.      In the old movies, smugglers used torn currency note. Both parties will have one part.  One party need to show ownership of half of the torn currency note to receive goods from another party. 3.  Third Factor - Something you are. It's related to your physical appearance. Like your face, your thumb impression or voice. Your personal physical traits will be used to identify you.      Remember hero duplicates being used to catch smuggl...
Post a Comment
Read more

Car Parking Problem

There is n parking slots and n-1 car already parked. Lets say car parked with initial arrangement and we want to make the car to be parked to some other arrangement. Lets say n = 5, inital = free, 3, 4, 1, 2 desired = 1, free, 2, 4 ,3 Give an algorithm with minimum steps needed to get desired arrangement. Told by one of my friend and after a lot of search i really got a nice solution. I will post solution in comment part
3 comments
Read more