As a social media platform “The Story of Us” is designed to support people in their bereavement process. The effective operation of the app is crucial. The design and structure of the system, including the database that is used to store user content and information should be secure at all times. Authentication and authorization should be secure to a standard that attacks such as the Man-in-the-middle attack or SQL injection can be prevented. Injection flaws occur when untrusted data is sent through a query. The interpreter is programmed to access data that has not been authorized prior. Application functions that are related to authentication and session management need to be implemented correctly so that attackers cannot compromise keys, session tokens and passwords or use other flaws to assume users; identity may it be temporarily or permanently. Another potential possible vulnerability may be Cross Sight Scripting (XSS) this occurs when untrusted data is used without proper validation or escaping. Therefore, allowing attackers to execute scripts in the victim’s browser that can redirect the user to malicious websites.
As the example above show a glitch would have disastrous effects on the trust of our users that are already in a vulnerable position through the loss of a loved one. Consequently, a security leak would lead to irreversible damage to our reputation.
Source:
https://www.owasp.org/index.php/Top_10-2017_Top_10
https://securityintelligence.com/how-to-protect-mobile-apps-essentials/
Written by Naida Balafkan
