Synopsis
In this article, I want to emphasise the importance of considering security from the very beginning of the design phase of the software development process. Security measures are often overlooked until later stages of the software development lifecycle, such as testing or even later. The goal of the article is to raise awareness of the implications of not integrating security early in the development process.
Security considerations
Before hosting the initial code on Amazon S3 and making it more or less public, I had to think about what users would be able to break in the code: changing the quotes to something “funny”, uploading strange pictures, or even embedding malicious scripts (more on that later).
The first security measures to take are to allow read-only access and to enable encryption with some restrictions: any upload to the content requires encryption; otherwise, it is rejected.
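One way to express these two rules is an S3 bucket policy, shown here as an added example that is not the app's actual configuration. The bucket name is a placeholder, and `decide` is a simplified model of these two statements only, not AWS's policy engine.

```python
import json

BUCKET = "example-quotes-app"  # placeholder bucket name (assumption)

POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {   # Anonymous visitors may only read objects.
            "Sid": "PublicReadOnly",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": f"arn:aws:s3:::{BUCKET}/*",
        },
        {   # Reject any upload that does not request server-side encryption.
            "Sid": "DenyUnencryptedUploads",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:PutObject",
            "Resource": f"arn:aws:s3:::{BUCKET}/*",
            "Condition": {"Null": {"s3:x-amz-server-side-encryption": "true"}},
        },
    ],
}

def condition_matches(stmt, headers):
    """Evaluate the only condition operator used above: Null."""
    for key, want_null in stmt.get("Condition", {}).get("Null", {}).items():
        header = key.split(":", 1)[1]  # s3:x-amz-... -> x-amz-...
        if (header not in headers) != (want_null == "true"):
            return False
    return True

def decide(action, headers=None):
    """Simplified model: explicit Deny wins, then Allow, else implicit deny."""
    headers = headers or {}
    hits = [s["Effect"] for s in POLICY["Statement"]
            if s["Action"] == action and condition_matches(s, headers)]
    if "Deny" in hits:
        return "Deny"
    return "Allow" if "Allow" in hits else "ImplicitDeny"

if __name__ == "__main__":
    print(json.dumps(POLICY, indent=2))  # paste-ready policy document
```

An upload that carries the encryption header is no longer explicitly denied, but it still needs an Allow from the uploader's own identity policy, so anonymous writes stay blocked either way.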
Although this is just the beginning and barely scratches the surface of preventing unsolicited scripts from running on a server, it already has important implications for the design of the app. For example, what kind of controls can I provide to the users? If I allow a textbox for users to enter their own quotes, that would be a great interaction. But it also means that funny or inappropriate messages could go unchecked.
The plan for now is to allow drop-down controls and managed buttons so I can trust the scripts that come from “inside”.
Practical Results
Is there a measure to quantify how secure the App is?
The answer is yes. The Mozilla Observatory scan scores this App A+ according to well-known criteria.
What’s next?
After taking your comments into consideration, we will focus on the first deployment action, where users will be able to enable a new version in production.