Authentication and authorization by VISEO

Thought leadership article

Authentication and Authorization: how to implement security layers in your application?

This topic is all about sharing the right way of implementing security layers in your application, whether it is a web, mobile or back-end service.

The common mistakes made when building an application come from its implementation rather than its design, especially when dealing with security.

An article written by Jeffrey, React JS Developer, VISEO APAC

Security is one of the most essential parts of an application, and it is often disregarded because of a lack of time, oversight, it not being the priority, or maybe because the technical design is still evolving. As a result, it leads to accidental complexity such as technical gaps, security breaches and stolen identities on the internet.

As part of our team values, securing any application we build is as important as its business features.

As an example of the cost of not paying attention to the security of an application, Parler became the center of attention in the tech industry for being naive about its application's security layer.

There was a recent security incident involving Parler in January 2021, in which its resources were scraped by a female programmer whose Twitter handle is @donk_enby. She obtained a large amount of data, around 80 TB worth.

She even described Parler's archival situation as "A bunch of people running into a burning building trying to grab as many things as we can."

She identified the major flaws in Parler's applications as:

- Weak API security layer (authentication and authorization)

- Database identifiers (IDs) not uniquely generated (no UUIDs)

- No database query limitations

- Raw assets (video, image)
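As an added illustration (not code from the article, and not Parler's code) of how the first three flaws in the list above translate into code, here is a hypothetical post-lookup endpoint that authenticates the caller, authorizes access to private posts, uses random UUIDs instead of sequential integers as identifiers, and caps the number of lookups per user. The in-memory store, session handling and function names are all constructed for the example.

```python
import secrets
import uuid
from dataclasses import dataclass

# Constructed in-memory "database" keyed by UUID (hypothetical; the article
# names the flaws but shows no code). A sequential integer key would let a
# caller walk every record simply by counting upwards.
@dataclass
class Post:
    owner: str
    body: str
    visibility: str  # "public" or "private"

DB = {}
SESSIONS = {}      # session token -> user name (stand-in for real auth)
QUERY_LIMIT = 5    # lookups allowed per user in this demo window
query_counts = {}  # user name -> number of lookups made

def create_post(owner, body, visibility="public"):
    post_id = str(uuid.uuid4())  # random, non-guessable identifier
    DB[post_id] = Post(owner, body, visibility)
    return post_id

def login(user):
    token = secrets.token_urlsafe(32)  # unguessable session token
    SESSIONS[token] = user
    return token

def get_post(token, post_id):
    """Return (status_code, body) for a post lookup."""
    user = SESSIONS.get(token)
    if user is None:
        return (401, None)  # authentication layer: no valid session
    n = query_counts.get(user, 0) + 1
    query_counts[user] = n
    if n > QUERY_LIMIT:
        return (429, None)  # query limitation: stop bulk retrieval
    post = DB.get(post_id)
    # Authorization layer: a private post that is not yours is reported
    # exactly like a missing one, so the response does not confirm that
    # a guessed identifier exists.
    if post is None or (post.visibility != "public" and post.owner != user):
        return (404, None)
    return (200, post.body)
```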

This caused a huge loss of return on investment and of credibility for their application; as you can imagine, the "sanctity" of the data and its security is supposed to be paramount for social media.

Now that we know the cost and consequences of a lack of security in application development, the questions are: how and where do we start implementing it?

We will cover authentication and authorization, since @donk_enby describes these layers as the entry point that allowed her to scrape the amount of information described above from Parler.

Read the full article on Medium