OU blog

Bio-Art

New blog post

Notes on the security and privacy considerations of a web application.

Security

Problems occur when a page served over HTTPS includes resources (scripts, stylesheets, images) loaded over plain HTTP; this is known as mixed content. Browsers block or warn about it, because the HTTP resource can be read or altered in transit and undermines the guarantees of the HTTPS page.

Constant upgrades: applying security updates promptly is required, both to patch known vulnerabilities and to ensure things keep working as intended.

Limit the number of failed log-in attempts (rate limiting or temporary lockout) to slow down password guessing.

Automatic session time-out after a period of inactivity.

Log-in monitoring and administration: record attempts and alert on unusual patterns.

Enforce strong password strength; validate the user's input.

Keep user identifiers and credentials separate; store passwords only as salted hashes, so a leaked database does not expose them in clear.

Avoid using components with known vulnerabilities; check libraries and frameworks against published advisories.

Avoid cross-site scripting (XSS): escape or encode untrusted data before inserting it into HTML.

Avoid security misconfiguration (default credentials, verbose error pages, unnecessary services left enabled).


Privacy

(the application's responsibility to protect personal data)

Cookies: clear them regularly and give them a short expiry date; mark them Secure and HttpOnly where possible.

localStorage: persists with no expiry and is readable by any script running on the same origin, so it is a poor place for sensitive data.

File System API: check what it exposes and what permission it requires.

Avoid saving a sensitive user id on the client; if a stored record needs an identifier, a counter that adds 1 every time can stand in for it (such sequential ids are predictable, so they must not be treated as secrets).

Notifications: tell the user what data is collected and how it is stored.

Obtain explicit consent for major permissions (camera, location, notifications).

A "Snap a picture" button: pressing it implicitly gives permission to use the camera.

Minimisation of data collection: collect only what the feature needs.

User rights: access to view, update or delete their data and history.

Geolocation is potentially the most privacy-invasive concern:

[ ] Disclose collection of data

[ ] Protect data

Implementation of:

[ ] Do Not Track (DNT) privacy preference.

To prevent tracking by unknown third parties. Note that DNT is only a request header; servers are free to ignore it, so it cannot by itself prevent tracking.

Geolocation API

Involves third-party APIs and device APIs.

Captured images may contain geotags (EXIF location metadata), so a photo can leak location even when the Geolocation API is never called.

When the user presses the Snap button to capture an image with the mobile camera, they are giving implicit consent to the camera being used.

MediaDevices API (getUserMedia) for camera access.
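The geolocation and Do Not Track points above, as an added browser-side example that is not part of the original post. The Geolocation object and the navigator-like object are passed in as parameters so the same logic also runs under Node with a stand-in; in a page you would pass `navigator.geolocation` and `navigator`. The function names, the 2-decimal rounding and the timeouts are this example's own assumptions.

```javascript
// Added example (not from the original post): a privacy-aware wrapper around
// the browser Geolocation API. `geolocation` and `navigatorLike` are injected
// (navigator.geolocation and navigator in a real page) so the logic is
// testable offline. Names and the 2-decimal precision are assumptions.

// Data minimisation: keep only latitude/longitude rounded to `decimals`
// places (2 decimals is roughly 1 km) plus the reported accuracy. Altitude,
// heading and speed are dropped because the feature does not need them.
function coarsen(position, decimals = 2) {
  const factor = 10 ** decimals;
  const round = (v) => Math.round(v * factor) / factor;
  return {
    lat: round(position.coords.latitude),
    lon: round(position.coords.longitude),
    accuracyMetres: position.coords.accuracy,
    capturedAt: position.timestamp,
  };
}

// Map GeolocationPositionError codes (1, 2, 3 in the spec) to a status string
// so the caller never handles a raw error object.
function errorStatus(err) {
  switch (err && err.code) {
    case 1: return "denied";      // PERMISSION_DENIED: the user refused the prompt
    case 2: return "unavailable"; // POSITION_UNAVAILABLE
    case 3: return "timeout";     // TIMEOUT
    default: return "error";
  }
}

// Honour the browser's opt-out signals before asking for location at all:
// Do Not Track (navigator.doNotTrack === "1") or Global Privacy Control
// (navigator.globalPrivacyControl === true). Both are only requests to the
// site; nothing enforces them unless the site's own code checks them.
function userOptedOutOfTracking(navigatorLike) {
  return navigatorLike.doNotTrack === "1" || navigatorLike.globalPrivacyControl === true;
}

// Ask for a single coarse fix. `onResult` receives { status, location }.
// No watchPosition (continuous tracking), no storing of the result, low
// accuracy requested, and a hard timeout so the prompt cannot hang forever.
function getCoarseLocation(geolocation, navigatorLike, onResult, decimals = 2) {
  if (userOptedOutOfTracking(navigatorLike)) {
    onResult({ status: "opted-out", location: null });
    return;
  }
  if (!geolocation) {
    onResult({ status: "unsupported", location: null });
    return;
  }
  geolocation.getCurrentPosition(
    (position) => onResult({ status: "ok", location: coarsen(position, decimals) }),
    (err) => onResult({ status: errorStatus(err), location: null }),
    { enableHighAccuracy: false, timeout: 10000, maximumAge: 60000 }
  );
}
```

In a page the call is `getCoarseLocation(navigator.geolocation, navigator, showOnMap)`; the browser still shows its own permission prompt, so the explicit consent is the user's answer to that prompt, and the coarsening happens before the value ever leaves the callback.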

Use HTTPS by default.

HTTPS protects both the security and the privacy of personal data against third-party websites, attackers, and man-in-the-middle interception.

Data transferred and exchanged by the web application travels over HTTPS, which gives confidentiality and integrity in transit.

This process entails:

A certificate for the server, issued by a certificate authority, and the TLS protocol (SSL is the deprecated predecessor; only TLS should be enabled).

Keys used for:

Authentication (the certificate's key pair proves the server's identity)

Encryption

Decryption

HTTP headers (for example Strict-Transport-Security, which tells the browser to use HTTPS only for this host).

Convert all links to internal and external web application files (CSS, JS, images) to HTTPS, or use relative URLs, so that no mixed content remains.

Redirect every plain HTTP request to its HTTPS equivalent.
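Three pieces of the HTTPS checklist above (finding mixed content, rewriting resource links to HTTPS, and redirecting plus setting the HSTS header), as an added Node.js example that is not part of the original post. The HTML page is constructed sample input, the request object is a minimal stand-in rather than a real framework request, and the helper names and one-year HSTS max-age are this example's own choices.

```javascript
// Added example (not from the original post). SAMPLE_HTML is constructed
// input; `req` in secureResponse is a minimal stand-in object, not a real
// framework request. Helper names and the HSTS max-age are assumptions.

const SAMPLE_HTML = `<!doctype html>
<html><head>
  <link rel="stylesheet" href="http://cdn.example.test/site.css">
  <script src="https://cdn.example.test/app.js"></script>
</head><body>
  <img src="http://images.example.test/logo.png">
  <a href="http://example.test/about">About</a>
  <img src="/local/photo.jpg">
</body></html>`;

// Tags whose src/href the browser fetches as a subresource of the page. An <a>
// link is navigation, not a subresource, so it is not mixed content.
const SUBRESOURCE_TAGS = new Set(["script", "link", "img", "iframe", "audio", "video", "source", "object", "embed"]);

// Matches a tag with an absolute http:// URL in a src or href attribute.
// Group 1 is the tag name, group 2 the URL.
const TAG_RE = /<(\w+)\b[^>]*?\s(?:src|href)\s*=\s*["'](http:\/\/[^"']+)["'][^>]*>/gi;

// List the http:// subresources that an HTTPS page would load as mixed content.
function findMixedContent(html) {
  const found = [];
  for (const m of html.matchAll(TAG_RE)) {
    if (SUBRESOURCE_TAGS.has(m[1].toLowerCase())) found.push(m[2]);
  }
  return found;
}

// Rewrite http:// subresource URLs to https://. This assumes the host serves
// the same file over HTTPS, which has to be verified: if it does not, the
// resource fails to load instead of being downgraded. Navigation links are
// left alone.
function upgradeToHttps(html) {
  return html.replace(TAG_RE, (tag, name, url) =>
    SUBRESOURCE_TAGS.has(name.toLowerCase())
      ? tag.replace(url, "https://" + url.slice("http://".length))
      : tag);
}

// Decide what the server should do with a request: send plain HTTP to the
// HTTPS origin with a permanent redirect, and on HTTPS add
// Strict-Transport-Security so the browser refuses HTTP for this host for a
// year. `req` is { secure: boolean, host: string, url: string }.
function secureResponse(req) {
  if (!req.secure) {
    return { status: 301, headers: { Location: `https://${req.host}${req.url}` } };
  }
  return {
    status: 200,
    headers: { "Strict-Transport-Security": "max-age=31536000; includeSubDomains" },
  };
}
```

The regex scanner is deliberately simple: it catches the common `src=`/`href=` cases in static markup, but URLs assembled in JavaScript or CSS `url()` references need a proper HTML/CSS parser or, better, the browser's own mixed-content report via a Content-Security-Policy `report-uri`.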

