App security is crucial, and every developer should take it into account while building apps. Which elements need to be secured against hacker attacks and malware? We would emphasize the following:

  1. Frontend
  2. Backend
  3. Server hosting

These may be terms that say little or even nothing to you. Fortunately, the names already explain a lot. The front end of an app or website is literally, yes, the front. In short, it is what you see when using a website or app. The backend has a more complex structure. For instance, part of the backend is the database file. If we take Tinder as an example, all data and photos are stored in a database so you are able to see recent and relevant matches. Back to business. We continue to focus on the security of these three elements.

Frontend security

Of course, we all know that each website and app has a unique frontend. This means that the security differs by project. However, if you are interested, we have already collected some tips and tricks to inform you at this stage:

  1. Saving user data
  2. Caching files
  3. API connection

Saving user data

We will start with a rather tricky point. Everyone is now concerned about the security of personal data. Logically, you do not want your personal information to be revealed to third parties. Therefore, solutions should be developed to avoid saving data if it is not necessary or is not protected.

Caching files

You probably know that when you visit a website or app, some files, pictures and data are automatically saved to a so-called cache during your visit. However, it's not a must to cache files. Hence, we at DTT sometimes develop solutions that don't save information in the cache.

API connection

So far so good. A final point that relates to both frontend and backend is the security of the API connection. We would describe an API as a means of communication between computer programs. Information and instructions are transmitted through the API. The question arises: how do you ensure that this information is not disclosed and doesn't become publicly available? Well, we know the answer: an SSL connection and authentication keys. An SSL connection is an encrypted connection between the server and the visitor. Everything you enter is converted into abracadabra language and cannot be read by any hackers. You recognize a website with an SSL connection by https instead of http in the URL. The S stands for Secure. You can compare authentication keys with your e-ticket for a festival or concert. The computer stores your ticket code and knows that you are the right visitor.

Secure the back door: backend

We continue where we just ended: authentication keys. The API also communicates with the backend using these keys. There are two other aspects of a secure backend:

  1. SQL injection
  2. Hash algorithms

SQL injection

Yes! More difficult terms. In a nutshell, SQL is the language that is used to work with the database. Suppose you fill in your e-mail to sign up for a newsletter. Your e-mail is then stored in the newsletter database using SQL. If an SQL injection takes place, it basically affects all the information in your database. At DTT we have the technical knowledge to avoid these injections and keep the database protected. Prevention is better than cure.
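
An added example (not DTT's code): the newsletter sign-up described above, written in Python with the standard sqlite3 module. The table layout, the "confirmed" column and the function names are assumptions made for illustration; the same form input is handled once by a concatenated query and once by a parameterized one.

```python
import sqlite3

def make_db():
    """In-memory newsletter database (constructed schema, hypothetical names)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE subscribers (email TEXT, confirmed INTEGER)")
    return db

def signup_vulnerable(db, email):
    # BAD: the form value is pasted into the SQL text, so quote characters
    # in the input become part of the statement itself.
    db.execute(
        f"INSERT INTO subscribers (email, confirmed) VALUES ('{email}', 0)"
    )

def signup_safe(db, email):
    # GOOD: the statement text is fixed; the driver binds the value as data.
    db.execute(
        "INSERT INTO subscribers (email, confirmed) VALUES (?, 0)", (email,)
    )

def rows(db):
    return db.execute("SELECT email, confirmed FROM subscribers").fetchall()

# Constructed form input: it closes the string early, supplies its own value
# for the "confirmed" column and comments out the rest of the statement.
CRAFTED = "a@example.com', 1) --"

def demo():
    """Feed the same input to both sign-up functions and return both tables."""
    bad, good = make_db(), make_db()
    signup_vulnerable(bad, CRAFTED)
    signup_safe(good, CRAFTED)
    return rows(bad), rows(good)

if __name__ == "__main__":
    vulnerable_rows, safe_rows = demo()
    print("concatenated :", vulnerable_rows)   # input rewrote the statement
    print("parameterized:", safe_rows)         # input stored as plain text
```

With the concatenated query the visitor decides what ends up in the "confirmed" column; with the parameterized query the whole input is stored as an (odd-looking) e-mail string and the statement stays as written.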

Hash algorithms

These algorithms are used, inter alia, for the pseudonymization of passwords. Passwords are hashed so that an unauthorized person won't be able to read them.

Last but not least: server hosting

You are almost up to date with regard to common security measures. Websites and apps are hosted (placed) on a server. That's just an online repository. Secure server hosting earns an ISO certificate. Of course we offer secure hosting at DTT. That's why we have about 5 (!) certificates. To be precise:

  1. ISO 9001
  2. ISO 27001
  3. ISO 14001
  4. NEN 7510
  5. PCI DSS

So. We should actually hang them on the wall.

Customization

Security is a customized product. Not every (app) solution requires the same type of security. We would like to give a simple but clear example: a bag or a suitcase. In most cases there is no lock, but when do you need one? For example, if there are very confidential documents in it, or if it is full of diamonds. We would like to talk to you and advise you on security risks and possible solutions.

We know how important it is to secure your data and information. We take many issues into account and provide you with a security plan that is suitable for your case. Do you want to go through the possibilities for protecting your info? Please contact us, we are happy to discuss it with you.