Security Issues
kaylytran edited this page Nov 5, 2023 · 17 revisions
It is important to us that we keep and protect sensitive information about the user, such as personal information, health and fitness information, and the user's schedule.
This is how we plan to protect it:
- Storing information such as passwords securely.
- We will regularly try to authenticate the user, especially when they try to access private information (multi-factor authentication).
- Frequently monitoring the app so we can act when needed (software patches/updates).
- Delete any old or unused data to free up memory and space. Not only will this help the app run better, but the app will also have fewer vulnerabilities.
- Implement a lockout feature that triggers after multiple login failures (the lockout will prevent brute-force login attacks).
Possible attack vectors:
- Server Vulnerabilities: Attackers may exploit server vulnerabilities to gain root access, potentially compromising the entire system.
  - Protection plan: Regularly monitor for software that needs updating or patching. Implement a firewall (Web Application Firewall).
- API Vulnerabilities: Using a secure API will protect data from breaches and unauthorized access.
  - Protection plan: Monitor API traffic, and use API keys or tokens to verify the identity and permissions of clients.