When it comes to security and privacy of the web application....
Security
Problems occur when serving pages over HTTPS that include HTTP resources; this is known as mixed content.
Constant upgrades are a major requirement for security, and ensure things work as intended.
Limit the number of login attempts.
Automatic session time-out.
Login monitoring / administration.
Strong password requirements; validation of the user.
Keep user ID and credentials separate; hash and salt passwords in storage to obscure them.
Avoid using components with known vulnerabilities.
Avoid cross-site scripting.
Security misconfiguration.
Privacy
(protection responsibility)
Clear cookies regularly.
Short expiry dates.
localStorage....
File system API?
Saving a sensitive user ID: add 1 every time.
Notifications: notify the user of data collection and storage.
Consent for major permissions must be explicit.
A "Snap a picture" button implicitly gives permission to the camera app.
Minimisation of data collection.
User rights: access to view, update or delete their history.
Geolocation is potentially the most privacy-invading; concerns:
[ ] Disclose collection of data
[ ] Protect data
Implementation of....
[ ] DoNotTrack privacy, to prevent tracking by other unknown parties.
Geolocation API
Involves third-party APIs and device APIs.
Captured images may be geotagged.
Because the client captures the image with the mobile camera device by pressing the Snap button, they are giving implicit consent.
...MediaDevices API
Use HTTPS by default.
For both security and privacy of personal data from third-party websites, hackers and men in the middle, transfer and exchange data on web applications using HTTPS.
This process entails:
Certificate, SSL/TLS,
Key for
Authentication
Encryption
Decryption
HTTP headers
Convert all internal/external web application files, like CSS and JS, with links to HTTPS.
Redirects over HTTPS.
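An added example (not code from the original post) tying together the mixed-content, link-conversion and redirect points above: it finds http:// subresources in a page, rewrites them to https://, computes the redirect for a plain-HTTP request, and builds the headers that enforce HTTPS. The sample HTML and host names are constructed for the example.

```javascript
// Added example, not code from the original post. The sample page below is
// constructed; the host names are placeholders.

// Tags whose src/href load a subresource: a plain http:// URL there is
// mixed content (browsers block scripts/styles and warn on images).
// Navigational <a href> links are not mixed content, so they are excluded.
const SUBRESOURCE_TAGS = 'script|img|link|iframe|audio|video|source|embed';
const MIXED_RE = new RegExp(
  `(<(?:${SUBRESOURCE_TAGS})\\b[^>]*?\\b(?:src|href)\\s*=\\s*)(["'])http://([^"']*)\\2`,
  'gi',
);

// List every http:// subresource URL referenced in the markup.
function findMixedContent(html) {
  return Array.from(html.matchAll(MIXED_RE), (m) => `http://${m[3]}`);
}

// Rewrite each http:// subresource reference to https:// (the "convert all
// CSS/JS links to HTTPS" step).
function upgradeToHttps(html) {
  return html.replace(MIXED_RE, (_m, prefix, quote, rest) =>
    `${prefix}${quote}https://${rest}${quote}`);
}

// Redirect target for a request that arrived over plain HTTP, or null when the
// request is already on HTTPS. `host` and `path` are taken from the request.
function httpsRedirect(isTls, host, path) {
  return isTls ? null : `https://${host}${path}`;
}

// Response headers for an HTTPS-only deployment: HSTS keeps the browser on
// HTTPS, and upgrade-insecure-requests makes it fetch any http:// subresource
// that slipped through over https:// instead of blocking it.
function httpsHeaders() {
  return {
    'Strict-Transport-Security': 'max-age=31536000; includeSubDomains',
    'Content-Security-Policy': 'upgrade-insecure-requests',
  };
}

// Constructed sample page with two mixed-content references and one
// ordinary navigational link.
const SAMPLE_HTML = [
  '<link rel="stylesheet" href="http://static.example.com/site.css">',
  "<script src='http://cdn.example.net/app.js'></script>",
  '<img src="https://static.example.com/logo.png">',
  '<a href="http://www.example.com/about">About</a>',
].join('\n');

console.log(findMixedContent(SAMPLE_HTML));
console.log(upgradeToHttps(SAMPLE_HTML));
```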