Make sure your application is secure: the web side


If you have even a passing interest in developing applications, or in an application that talks to a remote web service, listen up. Talking about security can be boring, especially when it comes to Android apps, but it is still necessary. Today I am going to go through a few tips for applications that use remote web services. If your server stores user data, or handles communication to and from your users, there are a few things you should always make sure of, and they are often overlooked.


1. Encrypt.

(See the image above.) If you take only one thing away from this article, make it this very simple one: encrypt all the things! Encrypt everything you can. Yes, it has a cost, but if there is any communication at all between the application and the web service, hide it!

Encryption on its own is not enough; you also have to do it right. The most popular form of transport encryption in use today is SSL (today TLS). It is what is used when you browse a site over https://. Simply pointing your app at an HTTPS URL, however, is not enough! You must make sure that SSL certificate validation actually succeeds, and that the connection is refused when it does not. A number of Android applications get this wrong, typically by installing a TrustManager or HostnameVerifier that accepts anything, which leaves the traffic encrypted, but to whoever sits in the middle.
In addition, if the application is likely to be used in a country where the ISP or the government can have bogus SSL certificates issued for your domain (it happens more often than you would think), certificate pinning is a must. Android now ships with platform-level pinning, but that does not cover your own service; to protect all of your users you must implement pinning in the app itself. Actually, everyone should implement certificate pinning. Otherwise any certificate authority, CNNIC (China Internet Network Information Center, a state-run body) included, can issue an SSL certificate for your domain and capture your traffic on its networks, and there is nothing you can do to stop it. Pin the server's public key (or certificate) so that only the one you approved is accepted, and pin a backup key too, so that a key rotation does not lock your users out.
Also consider SSL forward secrecy, so that an attacker who has recorded your traffic and later obtains the server's private key cannot decrypt those old sessions. And make sure you know the risks of SSL/TLS downgrade behaviour: a man-in-the-middle can try to push the handshake down to a weaker protocol version or cipher suite, so disable the weak ones on both ends rather than merely preferring the strong ones.
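The three points above (validation that fails closed, pinning the public key, refusing downgrades) in one place, as an added example that is not from the original article. It uses only Python's standard library; the Android equivalents are OkHttp's CertificatePinner and the pin-set of the network security config, which take the same SHA-256-over-SPKI digest. The `_tlv`/`spki_from_der` walk, `fake_cert`, and the host and pin values are mine and exist only to make the block self-contained.

```python
# Added example (not from the article): strict TLS client settings and SPKI pinning
# using only Python's standard library. The pin format matches OkHttp's
# CertificatePinner ("sha256/" + base64 of SHA-256 over the DER SubjectPublicKeyInfo).
import base64
import hashlib
import socket
import ssl

def make_client_context():
    """CA validation and hostname check on, nothing below TLS 1.2 accepted,
    so a man-in-the-middle cannot downgrade the handshake."""
    ctx = ssl.create_default_context()            # CERT_REQUIRED + check_hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def _tlv(buf, pos):
    """Decode one DER tag-length header at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                              # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def spki_from_der(cert):
    """Encoded SubjectPublicKeyInfo of a DER X.509 certificate.
    Certificate = SEQ {tbsCertificate, sigAlg, sig}; TBSCertificate = SEQ {[0] version
    OPTIONAL, serial, sigAlg, issuer, validity, subject, subjectPublicKeyInfo, ...}."""
    tag, pos, _ = _tlv(cert, 0)
    assert tag == 0x30, "Certificate is not a SEQUENCE"
    tag, pos, _ = _tlv(cert, pos)                  # descend into tbsCertificate
    assert tag == 0x30, "tbsCertificate is not a SEQUENCE"
    tag, _, end = _tlv(cert, pos)
    if tag == 0xA0:                                # skip the optional explicit [0] version
        pos = end
    for _ in range(5):                             # serial, sigAlg, issuer, validity, subject
        _, _, pos = _tlv(cert, pos)
    tag, _, end = _tlv(cert, pos)
    assert tag == 0x30, "expected subjectPublicKeyInfo"
    return cert[pos:end]                           # the whole TLV is what pins are hashed over

def spki_pin(cert):
    """Pin string for a DER certificate. Pinning the key, not the certificate,
    survives renewals that keep the same key pair."""
    digest = hashlib.sha256(spki_from_der(cert)).digest()
    return "sha256/" + base64.b64encode(digest).decode("ascii")

def check_pins(chain, pins):
    """True if any certificate in the presented chain matches a known pin. Ship the
    current key's pin plus a backup key's pin, or a key rotation locks clients out."""
    return any(spki_pin(c) in pins for c in chain)

def connect_pinned(host, port, pins):
    """Standard validation first, then the pin check (needs network; not run by the test)."""
    ctx = make_client_context()
    sock = ctx.wrap_socket(socket.create_connection((host, port)), server_hostname=host)
    if not check_pins([sock.getpeercert(binary_form=True)], pins):   # DER of the leaf
        sock.close()
        raise ssl.SSLError("public key pin mismatch for " + host)
    return sock

# Constructed test input: minimal DER with the X.509 shape and a junk signature.
def _der(tag, body):
    if len(body) < 0x80:
        return bytes([tag, len(body)]) + body
    lb = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body

def fake_cert(serial, key):
    """Enough X.509 structure for spki_from_der(); NOT a valid certificate."""
    sha256_rsa = _der(0x30, _der(0x06, bytes.fromhex("2a864886f70d01010b")))
    rsa = _der(0x30, _der(0x06, bytes.fromhex("2a864886f70d010101")) + _der(0x05, b""))
    name = _der(0x30, b"")                         # empty Name
    validity = _der(0x30, _der(0x17, b"240101000000Z") * 2)
    spki = _der(0x30, rsa + _der(0x03, b"\x00" + key))
    tbs = _der(0x30, _der(0xA0, _der(0x02, b"\x02")) + _der(0x02, serial)
               + sha256_rsa + name + validity + name + spki)
    return _der(0x30, tbs + sha256_rsa + _der(0x03, b"\x00" + b"\xff" * 64))
```

The pin is computed over the DER SubjectPublicKeyInfo rather than the whole certificate, so a renewal that keeps the key pair (two `fake_cert` outputs with different serials) still matches, while a new key does not. `getpeercert(binary_form=True)` returns only the leaf; pinning an intermediate's key needs the verified chain, which the standard library does not expose portably, so if you pin the leaf, publish the backup key's pin in the app before you rotate.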

2. Authentication.

Authentication is often overlooked when a system is designed. Authentication is the process by which the client and the remote server establish that they are talking to each other, and to a party they trust, so that each side can rely on the content that passes through the conversation once it is decrypted.
SSL, when properly implemented and combined with pinning, gives the user reasonable assurance that the server they are connected to is the right one, and not a "pretend" server set up by a malicious user to impersonate the real one. When you design the application, always make sure the client checks that the server is the one it is supposed to be. Also make sure the server authenticates the client properly. And although this is not the place for a lecture on strong versus weak authentication, I recommend that rather than having the user send a username and password (even over SSL), you use a strong authentication scheme such as challenge-response. Done properly, you do not even learn the user's password!
Also make sure that your authentication cannot be defeated through the password reset process! You may have the most secure system possible, with multi-factor, key-based and SMS authentication, but if the application lets users reset their password with a few keystrokes, its security drops to the lowest common denominator: the security of the user's e-mail account. For most users, e-mail cannot be considered secure. This can be hard to avoid, but treat e-mail as only one part of the verification, not as the sole check before a password is reset.
Consider whether users should be able to reset their password at all. Sometimes it is simply impossible, for instance when the user's password is used to derive the AES key that encrypts and protects the account data. In that case the only option is to delete the account, and the user loses their data. This sounds harsh, but it is far better than a system in which the provider can be compelled under legal pressure to hand over one of its users' data. If the service wants to offer a high level of security, password resets should be impossible, because each user's information must be encrypted with a per-user key that cannot be recovered without the password.
Why? No, not to annoy users. Rather, because a service provider that takes security seriously implements encryption properly for all data and metadata, with a unique key per user derived from his or her password. Ideally that password is never even sent to the server (strong authentication using a zero-knowledge proof is used instead). This may sound like overkill, but it is not, and it is already in use at some of the more privacy-conscious services.
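The "challenge-response" and "zero-knowledge" authentication described above, as an added example that is not from the article: SRP-6a, the Secure Remote Password protocol in its RFC 5054 form, in Python. The `Client`/`Server` classes, the `register`/`login` helpers and the user names are mine. The group parameters are generated at import at a deliberately tiny 64-bit size so the block runs instantly and stays readable; that size is insecure, and a deployment uses the 2048-bit or larger groups from RFC 5054, or a maintained SRP library.

```python
# Added example (not from the article): SRP-6a, a zero-knowledge challenge-response
# login. The password never leaves the client; the server stores only v = g^x mod N.
# The group is generated at import at DEMO SIZE; real code uses RFC 5054 groups.
import hashlib
import hmac
import secrets

def is_probable_prime(n):
    """Deterministic Miller-Rabin for n < 3*10^23 (bases = the first 12 primes)."""
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    if n < 2 or any(n % p == 0 for p in bases):
        return n in bases
    r = ((n - 1) & (1 - n)).bit_length() - 1       # trailing zero bits of n - 1
    d = (n - 1) >> r
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def find_safe_prime(bits):
    """First N = 2q+1 with q >= 2^(bits-1), q and N prime, q = 1 (mod 4); then g = 2 generates all of Z_N*."""
    q = (1 << (bits - 1)) + 1
    while not (is_probable_prime(q) and is_probable_prime(2 * q + 1)):
        q += 4
    return 2 * q + 1

N = find_safe_prime(64)   # DEMO SIZE: trivially breakable; shows the protocol, not a deployment
g = 2

def H(*parts):
    """SRP's hash: ints big-endian, str as UTF-8, bytes as-is; returns an int."""
    h = hashlib.sha256()
    for p in parts:
        if isinstance(p, int):
            p = p.to_bytes((p.bit_length() + 7) // 8 or 1, "big")
        elif isinstance(p, str):
            p = p.encode()
        h.update(p)
    return int.from_bytes(h.digest(), "big")

k = H(N, g)   # SRP-6a multiplier parameter

def register(username, password):
    salt = secrets.token_bytes(16)                   # enrolment runs on the client
    x = H(salt, H(username + ":" + password))
    return salt, pow(g, x, N)                        # the server stores only (salt, v)

class Client:
    def __init__(self, username, password): self.I, self.p = username, password

    def start(self):
        self.a = secrets.randbelow(N - 2) + 1
        self.A = pow(g, self.a, N)
        return self.I, self.A                                    # -> server

    def respond(self, salt, B):
        if B % N == 0:
            raise ValueError("invalid server ephemeral B")       # RFC 5054 sanity check
        u = H(self.A, B)
        x = H(salt, H(self.I + ":" + self.p))
        S = pow((B - k * pow(g, x, N)) % N, self.a + u * x, N)   # (B - k*g^x)^(a + u*x)
        self.K = H(S)
        self.M1 = H(self.A, B, self.K)
        return self.M1                                           # -> server: proof of password

    def finish(self, M2):
        return M2 == H(self.A, self.M1, self.K)                  # server proved it holds v

class Server:
    def __init__(self, users): self.users = users                # username -> (salt, v)

    def challenge(self, username, A):
        if A % N == 0:
            raise ValueError("invalid client ephemeral A")       # RFC 5054 sanity check
        salt, v = self.users[username]
        b = secrets.randbelow(N - 2) + 1
        B = (k * v + pow(g, b, N)) % N
        u = H(A, B)
        S = pow(A * pow(v, u, N), b, N)                          # (A*v^u)^b == client's S
        self.K, self.A, self.B = H(S), A, B
        return salt, B                                           # -> client

    def verify(self, M1):
        expect = H(self.A, self.B, self.K)                       # constant-time compare
        if not hmac.compare_digest(expect.to_bytes(32, "big"), M1.to_bytes(32, "big")):
            return None                                          # reject
        return H(self.A, M1, self.K)                             # M2 -> client

def login(server, client):
    I, A = client.start()
    salt, B = server.challenge(I, A)
    M2 = server.verify(client.respond(salt, B))
    return M2 is not None and client.finish(M2)
```

What crosses the wire is the username, A, the salt, B, M1 and M2; the password and the verifier v never do, so a passive observer learns nothing and the server cannot leak a password it never had. A stolen user table yields only (salt, v) per user, which still has to be attacked offline one user at a time. The `A mod N == 0` and `B mod N == 0` rejections are mandated by RFC 5054 for a reason: a client that sends A = 0 forces the server's S to 0, giving an attacker a known session key and a forgeable M1 without any password.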

3. Protect your server

This is a little less Android-specific, but it is just as important as (and realistically probably more important than) strong encryption and user authentication. When your app sends data to the server, every user's information ends up on that server. Do not play the "it is DDoS-protected" or "it is behind CloudFlare" card here. Masking the server behind a proxy is not enough to stop a determined attacker from locating the origin server. Here are some tips:

a) Remove SSH password access. If you allow password logins over SSH, you should resign and go home, because you are a burden on the world. Use public/private key pair authentication instead, with good, strong keys generated on your local machine and stored securely. Password-protect your private key and you get "almost" two-factor authentication: something you have (the SSH key, ideally kept on a USB stick that is removed when not in use) and something you know (a random, unguessable passphrase for that key). For additional security, restrict the IP addresses that are allowed to log in to the server remotely, at the firewall or network ACL level.
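For item a), an added example (not from the article) in Python: an audit of an sshd_config for the settings that item asks for. The policy dictionary, the two sample configuration files and their contents are mine and constructed for the example. The one thing it knows that a grep does not: sshd applies the first value it sees for a keyword and silently ignores later duplicates, so a `PasswordAuthentication no` added at the bottom of a file that already says `yes` changes nothing.

```python
# Added example (not from the article): audit an OpenSSH sshd_config for the
# settings item a) asks for. sshd applies the FIRST value it sees for a keyword
# and ignores later duplicates, so the audit must read the file the same way.
import re

# Hypothetical policy for this example: keyword -> value the server must use.
POLICY = {
    "passwordauthentication": "no",
    "kbdinteractiveauthentication": "no",   # "ChallengeResponseAuthentication" before OpenSSH 8.7
    "permitrootlogin": "no",
    "pubkeyauthentication": "yes",
}
# OpenSSH defaults that apply when the keyword is absent from the file.
DEFAULTS = {
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "permitrootlogin": "prohibit-password",
    "pubkeyauthentication": "yes",
}
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

LINE = re.compile(r"^([A-Za-z]+)\s*(?:=|\s)\s*(.*)$")   # "Keyword value" or "Keyword=value"


def effective_settings(text):
    """Keyword -> value as sshd resolves the global section: the first occurrence
    wins, and everything after the first 'Match' is conditional, so parsing stops there."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()        # drop comments and blank lines
        if not line:
            continue
        m = LINE.match(line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "match":
            break
        key = ALIASES.get(key, key)
        settings.setdefault(key, value)            # first value wins, as in sshd
    return settings


def audit(text):
    """Return (keyword, effective_value, required_value) for every policy violation."""
    eff = effective_settings(text)
    findings = []
    for key, want in POLICY.items():
        have = eff.get(key, DEFAULTS[key])
        if have.lower() != want:
            findings.append((key, have, want))
    return findings


# Constructed sample files (not from any real host).
WEAK_CONFIG = """\
Port 22
PasswordAuthentication yes
PermitRootLogin yes
PubkeyAuthentication yes
# Someone "fixed" it further down, but sshd already took the first value:
PasswordAuthentication no
Match Address 10.0.0.0/8
    PasswordAuthentication no
"""

HARDENED_CONFIG = """\
Port 22
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no
PermitRootLogin no
AuthenticationMethods publickey
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit(cfg) or "OK")
```

On the host itself, `sshd -T` prints the effective configuration and is the authoritative check (it also resolves `Include` files, which this script does not follow); the script is for reviewing files in configuration management before they are pushed. After changing the file, reload sshd and test a fresh connection before closing the session that made the change. The IP restriction belongs in the firewall or network ACL, as the article says; an `AllowUsers` rule with a host pattern in sshd_config is a second layer, not a substitute.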

b) Isolate
If you use the server for other tasks as well (in particular other "projects"), consider the risk to your users' data if another service on the same server is compromised. Is it really necessary to host a blog on the same server? That blog runs on the same HTTP daemon and is one more way in.

c) Protect the code
If you want to be extra safe, keep the web application code on read-only media. Keep it on a CD-ROM and cache it in RAM if you like. This prevents someone who breaks in from tampering with the application code.

d) Be open

There is no security through obscurity. Do not hide the security measures you have put in place; a determined attacker will work them out anyway. Show the world (and your users) how much you care about their security, and be open with them. Tell them what you do to protect their information from unauthorized use of any kind. Do not bolt security on afterwards: show people that security was part of the design of your application and web service.