Whether your solution serves the banking industry or social networking, your clients demand privacy and security.
Secure the data exchanged between server and client against JSON injection. That’s it!
HTTPS only provides an envelope that protects data from attacks while it is in transit. Most data is stolen by someone who already has access to the application. In fact, more than 85% of data breaches can be attributed to someone holding authorization or credentials to use the application.
For every action on an application interface, be it web, mobile or a native application, data has to be exchanged between the application and the server. The request and the response are normally exchanged via a data structure, JSON being the dominant option. The vulnerability arises when the data is prepared for transmission: while the request is being assembled, a hacker with fair to medium skills is able to manipulate the data stream (JSON injection) and gain access to data that should be private. Worse still, they could manipulate the data stored in the database itself.
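As an added example (not code from the original post), the JavaScript below shows the weak spot described above: a request body assembled by string concatenation lets a crafted value inject its own field, serializing with JSON.stringify prevents that, and the receiving side allow-lists fields so a client-supplied role is never trusted. The field names and the "role" semantics are assumptions made for this example.

```javascript
// Vulnerable: untrusted input is pasted into a JSON template by string
// concatenation. A value containing a quote can close the "name" string and
// append its own field, which JSON.parse then accepts (last duplicate key wins).
function buildRequestUnsafe(userName) {
  return '{"role":"user","name":"' + userName + '"}';
}

// Fixed: a real serializer escapes quotes and backslashes, so whatever the
// input contains, it can only ever become the value of "name".
function buildRequestSafe(userName) {
  return JSON.stringify({ role: "user", name: userName });
}

// Receiving side: parse, then copy only the fields this endpoint is allowed
// to accept. An injected or client-supplied "role" is simply dropped.
// The field list and the "role" semantics are assumptions for this example.
const ALLOWED_FIELDS = ["name"];
function parseProfileUpdate(body) {
  let parsed;
  try {
    parsed = JSON.parse(body);
  } catch (err) {
    return null; // malformed JSON is rejected outright, never partially applied
  }
  if (parsed === null || typeof parsed !== "object" || Array.isArray(parsed)) {
    return null; // only a JSON object is an acceptable request body
  }
  const out = {};
  for (const key of ALLOWED_FIELDS) {
    if (typeof parsed[key] === "string") out[key] = parsed[key];
  }
  return out;
}

// Constructed sample input: a username that tries to smuggle in a role field.
const SAMPLE_INPUT = 'alice","role":"admin';
console.log(buildRequestUnsafe(SAMPLE_INPUT)); // parses with role "admin"
console.log(buildRequestSafe(SAMPLE_INPUT));   // parses with role "user"
console.log(parseProfileUpdate(buildRequestUnsafe(SAMPLE_INPUT))); // { name: 'alice' }
```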
Yes, you can protect yourself against this through correct handling of the data stream. The first step is to evaluate the weaknesses in your system, and the best way to do this is to request a security analysis. This effort takes from 2 weeks for a minimal system to 6 weeks for a complex system. Once the analysis is done, the report will red-flag areas that need to be addressed. Your designers are advised on best practices to implement and, if needed, support to implement solutions is available. Our HACK Bears team at Ideabytes can assist you. Ask for a consultation.
Anna Anthony
11 Feb, 2021