Security Considerations
Identify sensitive information kept by your software. Explain how you plan to protect it.
Our app has a sign-in / create-an-account screen, so the user will enter their email, password, first name, last name, age, height, weight, and phone number. Our group will use Firebase to save the information provided; Firebase has an authentication feature. To make this information more secure, we can go into Firebase and edit the rules, such as: requiring a minimum number of characters for the password, preventing passwords that have repeated characters, implementing encryption rather than storing the password directly in the database, giving the user a limited number of attempts to enter their details, letting the user go to “settings” and change their password, and implementing two-factor authentication.
Identify possible attack vectors, that is, ways malicious users could try to use your software to escalate their privileges. This includes root access to your server, access to other users' sensitive information (say via XSS attacks), root access to your database, etc. Explain your protection plan.
There are possible attack vectors for our app. We will implement two-factor authentication and require a strong password to protect user credentials from being exposed to malware or phishing. We will use HTTPS and limit login attempts to prevent brute-force attacks on our app.
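As an added example (not the project's own code), here is how the per-user restriction in the Firebase plan above could be written as Cloud Firestore security rules: each user's profile document is readable and writable only by the signed-in account that owns it, and the stored fields are validated so a client cannot write arbitrary keys, which addresses the "access to other users' sensitive information" vector. The collection name `users`, the field names, and the value ranges are assumptions.

```firestore
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {

    // Only a signed-in user may touch a profile, and only their own:
    // the document id under /users must equal the caller's Firebase Auth uid.
    function isOwner(userId) {
      return request.auth != null && request.auth.uid == userId;
    }

    // Shape check for the profile fields the sign-up screen collects
    // (assumed field names and ranges). hasOnly() rejects any extra key,
    // so a client can never write, e.g., a 'password' or 'role' field into
    // the profile document; Firebase Auth holds the credential, not the app.
    function validProfile(d) {
      return d.keys().hasOnly(['email', 'firstName', 'lastName', 'age',
                               'height', 'weight', 'phone'])
        && d.email is string && d.email == request.auth.token.email
        && d.firstName is string && d.firstName.size() <= 50
        && d.lastName is string && d.lastName.size() <= 50
        && d.age is int && d.age >= 13 && d.age <= 120
        && d.height is number && d.height > 0
        && d.weight is number && d.weight > 0
        && d.phone is string && d.phone.matches('^[+]?[0-9]{7,15}$');
    }

    match /users/{userId} {
      // Reading another user's email, age, weight or phone is denied outright.
      allow read: if isOwner(userId);
      // Create and update must pass the same validation as each other.
      allow create, update: if isOwner(userId)
                            && validProfile(request.resource.data);
      allow delete: if isOwner(userId);
    }

    // Any path not matched above (unexpected collections) is denied by default.
  }
}
```

Password length requirements and sign-in attempt limits are configured in Firebase Authentication's settings rather than in these database rules, which only govern reads and writes to the stored profile.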