Project Phase 6
Course: CPRG 303
Section: H
Group 11
Umaya Hewaarachchi
Security Recommendations
The following are responses to Question 4 regarding security recommendations for my group’s study planning mobile application project:
a. The possible security recommendation I chose for the study planning app is user authentication using a username and password. I chose this because this allows all the user’s reminders, tasks, and notes to be stored under their own account. This ensures that even if they change their mobile device or accidentally delete the app, they can still access their important study planning information by simply logging in again.
b. This recommendation would ultimately benefit the end-user by making their reminders and tasks accessible across multiple devices. This way, the end-user would not have to worry about losing any important notes or dates, thereby improving the effectiveness of the study planning tool.
c. The recommendation was found in the provided checklist. This is the link to the specific recommendation within the checklist:
https://github.com/OWASP/owasp-mastg/blob/master/Document/0x04e-Testing-Authentication-and-Session-Management.md#verifying-that-appropriate-authentication-is-in-place-mstg-arch-2-and-mstg-auth-1
d. The recommendation wouldn't be that urgent because this application is a study planning tool and isn’t meant to store extremely personal or serious information. However, since there is a notes feature and calendar reminder feature within the app, this allows the user to store personal information along with information related to their studies. Due to this, it would be better to implement user authentication sooner rather than later as it would allow the user to securely access all their stored information whenever needed, enhancing both security and convenience.
e. I think my project needs this recommendation because it stores information that is important to the user through features like notes, reminders, and lists. User authentication would ensure that this data is secure and accessible, giving the user peace of mind that their information won’t get lost or accessed by unwanted people, thereby improving the overall user experience.
f. I think this recommendation could be applied to my project by implementing username (or even email) and password login authentication in a database. When the user logs in, their entered password would be converted into a hashed value and compared against the stored hashed value in the database, ensuring that their login credentials remain secure on the backend of the application. Stateless authentication, where user information is stored directly in a secure token and sent to the server when requested, can be used to verify the user's identity. This approach is feasible because it’s a simple and widely used method that ensures secure authentication when logging into the app without requiring the backend server to store personal information about the end-user.
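As an added illustration of the approach described in part f (not code from the project or the original post), the following Python sketch shows the two pieces together: a password is never stored in the clear but as a salted PBKDF2 hash, a login compares a freshly computed hash against the stored one in constant time, and a successful login returns a stateless, HMAC-signed token carrying the user's identity and an expiry, so the server verifies later requests by checking the signature instead of keeping session state. The in-memory `USER_DB` dict, the `TOKEN_SECRET` value and the iteration count are constructed placeholders; a real backend would use a database and a randomly generated secret kept out of source control. It goes slightly beyond the text by adding a per-user salt and a constant-time comparison, both of which are standard when hashing passwords.

```python
import base64
import hashlib
import hmac
import json
import os
import time
from typing import Dict, Optional

# Constructed stand-in for a server-side database: username -> {salt, hash}.
USER_DB: Dict[str, Dict[str, bytes]] = {}

# Placeholder signing secret (constructed). In a real deployment this is a
# random value generated once and stored outside the code base.
TOKEN_SECRET = b"example-secret-do-not-use-in-production"

# Work factor for PBKDF2-HMAC-SHA256; higher makes offline guessing slower.
PBKDF2_ITERATIONS = 600_000


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a fixed-length hash from the password and a per-user salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


def register(username: str, password: str) -> bool:
    """Store only the salt and the salted hash, never the password itself."""
    if username in USER_DB:
        return False
    salt = os.urandom(16)
    USER_DB[username] = {"salt": salt, "hash": hash_password(password, salt)}
    return True


def verify_password(username: str, password: str) -> bool:
    """Hash the entered password and compare it with the stored hash."""
    record = USER_DB.get(username)
    if record is None:
        # Do the same amount of work for unknown users so response timing
        # does not reveal whether a username exists.
        hash_password(password, b"\x00" * 16)
        return False
    candidate = hash_password(password, record["salt"])
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, record["hash"])


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(username: str, ttl_seconds: int = 3600, now: Optional[float] = None) -> str:
    """Build a stateless token: base64(payload).base64(HMAC-SHA256(payload))."""
    now = time.time() if now is None else now
    payload = json.dumps({"sub": username, "exp": int(now + ttl_seconds)},
                         separators=(",", ":")).encode("utf-8")
    sig = hmac.new(TOKEN_SECRET, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(sig)


def verify_token(token: str, now: Optional[float] = None) -> Optional[str]:
    """Return the username if the signature is valid and the token is unexpired."""
    now = time.time() if now is None else now
    try:
        payload_b64, sig_b64 = token.split(".")
        payload = _unb64(payload_b64)
        sig = _unb64(sig_b64)
    except (ValueError, TypeError):
        return None
    expected = hmac.new(TOKEN_SECRET, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return None  # tampered payload or signature
    claims = json.loads(payload)
    if claims.get("exp", 0) < now:
        return None  # expired
    return claims.get("sub")


def login(username: str, password: str) -> Optional[str]:
    """The app's login step: check credentials, then hand back a token."""
    if not verify_password(username, password):
        return None
    return issue_token(username)


if __name__ == "__main__":
    register("alice", "correct horse battery staple")
    token = login("alice", "correct horse battery staple")
    print("login ok:", token is not None)
    print("token subject:", verify_token(token))
    print("wrong password:", login("alice", "wrong"))
```

The server needs only the signing secret to validate a token, which is what makes the scheme stateless; the trade-off is that a token cannot be revoked before its expiry without adding server-side state, so the `exp` claim should be kept short.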