Jeddah Bank's Cybersecurity: Mobile App and Website Security Measures

Verified

Added on 2022/08/12

AI Summary

This report addresses the critical need for robust cybersecurity measures for Jeddah Bank's mobile application and website, in response to potential hacker attacks. The report, written from the perspective of a network administrator, outlines major security concerns in web and mobile app development, emphasizing vulnerabilities like malicious software, data hijacking, and authentication issues. It details a comprehensive security strategy incorporating the System Development Life Cycle (SDLC), including the planning, requirement analysis, design, development, testing, and deployment stages, and how security measures are integrated within each phase. The report further recommends best practices for ensuring proper authorization and authentication, such as input sanitization, SSL/HTTPS usage, access control, strong password policies, and session management. Finally, the report concludes that continuous vigilance and the implementation of these strategies are crucial for protecting customer data and maintaining the bank's reputation in the digital landscape.

Running Head: IT 0
INFORMATION SECURITY

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

IT 1
Abstract
This research paper is made under Saudi Electronic University in response with
module 7 of the subject based on a scenario. Being a network administrator at a regional bank
in Jeddah, various security strategies have been developed for the team against hackers’
interception on the website of the bank and customer mobile application. This paper also
states the six key stages in SDLC (System Development Life Cycle) so as to better determine
the security measures. Best practices are also recommended later on to secure a system and
ensure proper authorization and authentication.

IT 2
Table of Contents
Introduction................................................................................................................................3
Major security concerns for web or mobile application development.......................................3
Security measure for transmitting data......................................................................................4
Best Practices.............................................................................................................................6
Conclusion..................................................................................................................................7
References..................................................................................................................................8

IT 3
Introduction
This report outlines the right authentication techniques of Jeddah so that to block
hackers for intercepts the customer mobile application and bank website. The strategies have
been developed with using best security practices in terms of protection and stating the 6
phases of software development life cycle. There are various standards required to be
followed so as to ensure that the data of customers get well protected and secured under best
practices, which is called the System Development Life Cycle (SDLC) and referring to each
stage, there are also some security measures to be noted.
Major security concerns for web or mobile application
development
Millions of apps release every single day and most of them carry important
information of the users making them vulnerable to hackers attack or implanting a malware
(Arlitsch & Edelman, 2014). It all starts with hackers creating codes hoping that the
developer of app or web will select them up to use their idea. As many developers do not go
for building of applications of web data from the ground up, instead they use easy
frameworks and already developed codes so as to customize the on their own application or
web contents. The next concern is associated to not performing security testing thoroughly as
it is the responsibility of app developer to go through tight security testing while undertaking
necessary measures to fix require vulnerabilities. This leaves the web and mobile application
at risks and ultimately result in bad brand publicity.
The next big security concern is lack of server side security as many web and app
developers successful in providing better security for their apps, however, their server side
security is vulnerable to attack (Kalra & Sood, 2015). This neglect can lead to loss of
sensitive information including debit card information, PIN and more. Slow patching and
upgrades can also be considered as an issue as when the user launch any application or search
for any web page content, hackers start working on exploiting the weakness and a lack or
delayed fixing of issues might make the app more out-dated too.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

IT 4
Security measure for transmitting data
SDLC is a good approach combined with security methods on every stage to deliver a
good web application that in the same time with following necessary security measure to
enforce greater security and authentication (Rastogi, 2015). In addition, implementing
security measure should be a top priority to ensure the success of the software and data and
there are 6 phase-specific ways to infuse higher security in the software development life
cycle.
1) In the first stage of planning, the scope of problem needs to be defined and
accordingly, solutions have to be determined. The major consideration one should
make in this stage is about the time, cost, resources, benefits and other items. Analysis
of requirement is the most significant and essential phase in SDLC (Ali, 2017). The
senior executives at the regional bank will conduct a survey from all the bank
customers about how frequently they use mobile application, what are the issues they
are facing and so on. In addition, IT department of the bank will also present its inputs
about various significant insights and then feasibility study will be carried out for the
securing web content and mobile application.
Planning
Requirements
Design and
Prototyping
Software
Development
Testing
Deployment
and
Maintainance

IT 5
2) In requirement stage of SDLC, determining and documenting of product requirement
is necessary while making it sanctioned from several groups of consumers as well as
market analyst. SRS (Software Requirement Specification) also help in this scenario
comprising the condition of required changes to be developed and designed at the
time of project life cycle. Here, security policies related to the mobile application
information and associated risk will also be identified and how to mitigate them are
initiated at this phase.
3) As prototyping and design, IT division of the bank can come up with essential design
approach in consideration with requirement mentioned in SRS. Furthermore, this
design approach will then be presented to the management teams together with
documentation in the DDS (Design Document Specification). Considering the bank
website and mobile application information, security measures running along them
are established at this stage.
4) In this stage, there is initiation of actual development and code generation for the
fixing of loopholes in the security algorithms of mobile application information will
be accomplished without much hassle. The IT department of the regional bank will
here use different language of programming language like C++, C and PhP to fix the
issues that make loopholes vulnerable to the hackers (Ali, 2017). However, the
programming language can be different as per the model of bank app or web content.
5) The testing stage is usually a subsection of all the phases in relation with the modern
SDLC context, the testing activities are typically included in all phases of SDLC.
Though, this stage states to the testing only stage of the product where the mobile
application of the bank and website flaws are reported, trailed, fixed and retest again,
until they reach the quality standards clear in the SRS. In addition, this phase
comprises of two parts testing software for privileges, threats and usual risks and live
production testing.
6) Afterwards the testing of product, it is updated and deployed to the respective areas
where user and customer have access. However, with the permission of executive
team of the bank and IT department, the new changes firstly can be accessed to a
limited segment while being testing in the real business environment and with

IT 6
receiving feedback, the product may again be deployed with all groups of users.
Furthermore, IT department of the bank may also ensure that both website and mobile
application system get maintained with adding of new features, deploying timely
patches, monitoring of logs and auditing of security policy as necessary.
Best Practices
In order to secure a system so as to ensure proper authorization and authentication,
some of the best practices while identifying the attack -
Attack Best practices
Malicious software and injections, butter
overflows
It is needed to ensure that all inputs
expected to be wrong must be sanitized and
rejected
Connection and data hijacking Using SSL and HTTPS
Audit files and protecting logs Offering rights relying on adequate access
control and methods
Authentication issues and accessing
intended data
Right education to users on the way to
established strong password and handling
information necessary to the login. Assess
access privileges every few months
Session hijacking Execute session control (like timeout)

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

IT 7
Conclusion
Ultimately, bank IT developers requires to pay close attention for the hackers
intercept their website and customer mobile application information. The best practices and
strategies are stated above under SDLC stages so as to ensure proper authorization and
authentication. Today, the digital world is out in the open for use of everyone and no user is
ever safe enough from malware and security breaches, however, the above mentioned
measures ensure that the personal data is secure throughout the devices.

IT 8
References
Ali, K. (2017). A Study of Software Development Life Cycle Process Models. International
Journal of Advanced Research in Computer Science, 8(1).
Arlitsch, K., & Edelman, A. (2014). Staying safe: Cyber security for people and
organizations. Journal of Library Administration, 54(1), 46-56.
Kalra, S., & Sood, S. K. (2015). Secure authentication scheme for IoT and cloud
servers. Pervasive and Mobile Computing, 24(1), 210-223.
Rastogi, V. (2015). Software development life cycle models-comparison,
consequences. International Journal of Computer Science and Information
Technologies, 6(1), 168-172.