What is your security recommendation? Why did you choose it?
The security recommendation I chose is “No sensitive data, such as passwords or pins, is exposed through the user interface.” I chose this recommendation because we want to integrate a sign-in/sign-up/logout feature into our application in the future. This feature requires sensitive personal information such as the user's full name, password, and email address, and we want to ensure that our app keeps this information safe from unauthorized access or exposure.
Who does the recommendation benefit (end-user, developer, etc.)?
The recommendation benefits both the end-user and the developer. For the end-user, it ensures that their personal information is private and protected from being displayed or intercepted by malicious individuals. This gives them a sense of security and builds trust and confidence when using the application. It benefits the developer because it reduces the risk of liability and reputational damage caused by security vulnerabilities. Integrating this recommendation also follows best practices for secure application design.
If the recommendation was found somewhere other than the provided checklist, include a link to it.
The recommendation is from the provided checklist.
When would the recommendation have to be implemented (based on how serious the security risk is)?
The recommendation should be implemented as soon as possible, ideally in the initial design and development phases. Implementing it early ensures that proper safeguards are integrated from the start, reducing the risk of data breaches or unauthorized access. This also aligns with the “secure by design” best practice, thus protecting both the user’s sensitive information and the application’s reputation.
Why do you think your project needs your recommendation?
Our project needs this recommendation because we plan to integrate a sign-in/sign-up/logout feature into our application in the future, which involves handling sensitive user information.
How do you think your recommendation could be applied?
This recommendation could be applied by implementing secure coding practices such as masking sensitive data and server-side validation. We would mask sensitive data like passwords by ensuring the input field displays dots or asterisks during user input. This avoids passwords being displayed in plain sight. Sensitive data will be stored securely on the backend rather than in the front-end user interface, using hashing algorithms like bcrypt for passwords.
How feasible would the implementation be?
The implementation of this recommendation would be feasible with the existing frameworks and security tools that are available. For example, bcryptjs is a popular Node library for hashing passwords. React Native’s built-in TextInput component provides a secureTextEntry prop, which masks the inputted data as asterisks when set to true.
Here is the package for reference: https://www.npmjs.com/package/bcryptjs
Masking passwords: https://devcamp.com/trails/mobile-development-react-native/campsites/authentication-react-native/guides/how-to-implement-secured-password-text-input-react-native