I'm a newbie when it comes to information security. So pardon me if the solution can be found at page 12 of any introductory text.

I have an Express server and two Android apps (for clients and admin). The installed apps will ask the user for registration (using a code sent to them by the admin, generated by the server). After registration, the client app will be assigned an id and they will regularly send some data to the server. The communication between apps and server is being done using POST requests.

How do I verify that the data coming to the server is valid?

saga
  • *"How do I verify that the data coming to the server is valid"* - If you know what data you expect (i.e. what *valid* means) then you can verify that the data match the expectation on the server side with programming etc. If you don't know what you expect yet then you need to rethink your application so that you always know what you expect. In no way can you trust the client to only send valid data. – Steffen Ullrich Jan 05 '19 at 14:12
  • @SteffenUllrich It's an app which tracks the phone of children. What precautions should I take to make this app hack proof? – saga Jan 05 '19 at 16:32
  • *"What precautions should I take to make this app hack proof"* - sorry, but there is no simple checklist for this or something like *"secure development for dummies"*. It is far from trivial. Given that you are a newbie in this area and you are programming a privacy sensitive application I recommend getting support (i.e. pay for it) from some consulting company specialized in development of secure applications. – Steffen Ullrich Jan 05 '19 at 16:37
  • @SteffenUllrich Thanks for quick reply. How should I get started if I want to learn the practical aspects of network security? – saga Jan 05 '19 at 16:42
  • See [How do I get started with security? (beginner)](https://security.stackexchange.com/questions/15233/how-do-i-get-started-with-security-beginner) and [similar questions](https://www.google.com/search?q=site%3Asecurity.stackexchange.com+start+to+learn+security). – Steffen Ullrich Jan 05 '19 at 16:47
  • **Opinion 42:** When dealing with PII of minors, try to anonymize the transmitted data as much as possible before transmission... And make sure you have a good legal department. – RubberStamp Jan 07 '19 at 23:10
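
The first comment above says to check incoming data against what the server expects. A sketch of such a server-side check for the parsed JSON body of a POST request follows, as an added example that is not part of the original thread; the field names (`clientId`, `lat`, `lon`, `timestamp`), the limits and the sample ids are assumptions.

```javascript
// Added example: server-side validation of a hypothetical location report.
// Field names, limits and client ids are assumptions, not taken from the page.
const MAX_CLOCK_SKEW_MS = 5 * 60 * 1000;   // accept reports up to 5 min in the future
const MAX_AGE_MS = 24 * 60 * 60 * 1000;    // reject reports older than 24 h
const ALLOWED_FIELDS = new Set(['clientId', 'lat', 'lon', 'timestamp']);

function validateReport(body, registeredIds, nowMs = Date.now()) {
  const errors = [];
  if (body === null || typeof body !== 'object' || Array.isArray(body)) {
    return { ok: false, errors: ['body must be a JSON object'] };
  }
  // Reject anything the server does not expect instead of silently ignoring it.
  for (const key of Object.keys(body)) {
    if (!ALLOWED_FIELDS.has(key)) errors.push(`unexpected field: ${key}`);
  }
  const { clientId, lat, lon, timestamp } = body;
  // The id must be one the server itself assigned at registration.
  if (typeof clientId !== 'string' || !registeredIds.has(clientId)) {
    errors.push('unknown clientId');
  }
  // Check the type before the range: "48.1" or NaN must not pass as a coordinate.
  if (typeof lat !== 'number' || !Number.isFinite(lat) || lat < -90 || lat > 90) {
    errors.push('lat out of range');
  }
  if (typeof lon !== 'number' || !Number.isFinite(lon) || lon < -180 || lon > 180) {
    errors.push('lon out of range');
  }
  if (!Number.isInteger(timestamp) ||
      timestamp > nowMs + MAX_CLOCK_SKEW_MS || timestamp < nowMs - MAX_AGE_MS) {
    errors.push('timestamp not plausible');
  }
  return { ok: errors.length === 0, errors };
}

// Constructed sample data.
const registered = new Set(['c-1001']);
const now = Date.parse('2019-01-05T16:00:00Z');
const good = { clientId: 'c-1001', lat: 48.1, lon: 11.5, timestamp: now - 30000 };
const bad = { clientId: 'c-9999', lat: '48.1', lon: 500, timestamp: now, isAdmin: true };
console.log(validateReport(good, registered, now));
console.log(validateReport(bad, registered, now));
```

This checks only the shape and plausibility of the data. It does not establish that the request came from the device that owns `clientId`; that requires authenticating each request.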

0 Answers