EntireOnHire l

Application Security and Safety Enhancements

This feature is available from Version X9.1 and above. Click to view the details of all the features available in the Version Release Notes X9.1.

What is Application Security and Safety Enhancement?

Application security and safety include a couple of important objectives in continuous improvement and service delivery. Cybersecurity helps to solve pre-built vulnerabilities in applications and helps them to remain stable throughout. Application security refers to security precautions used at the application level to prevent theft or hijacking of data or code within the application and safeguard against phishing schemes, ransomware attacks, and financial losses.

Entire OnHire continuously gives a prominent space for application safety, security, and data protection and follows the principal ASSESS and ADOPT every year.

In this version, we have ensured that our Entire OnHire application ecosystem is on the HTTPS layer, and a couple of endpoints that are publicly exposed are secured using tokenization.

1. Brought the Entire OnHire Ecosystem on HTTPS

HTTPS (Hypertext Transfer Protocol Secure) is a protocol used to secure communication over the Internet. HTTPS or HTTP Secure uses encryption to ensure that data transmitted between a client (such as a web browser) and a server (such as a website) cannot be intercepted and read by unauthorized third parties.

We have ensured that all the portals, end points, and mobile apps are now safer for use.

2. Redesign Tokenization

Token-based application security is a way of securing web applications by using tokens to authenticate and authorize users. When a user logs into an application, the server generates a token that is stored on the user's device. This generated token is sent with each subsequent request to the server to verify the user's identity and permissions. Tokens can be designed to expire after a certain amount of time or be invalidated if the user logs out or changes their password.

How does Token-Based Authentication Work?

The token-based authentication generates a unique encrypted token that replaces the sensitive data and helps to secure the base API URLs and provides security through tokens. The token generated acts as a digitally encoded signature to authenticate and authorise a user to access specific resources and allows users to verify their unique identity.

  1. Token Generated → When a user logs into an application, the server generates a token that is unique to the user and contains information about their authentication status and permissions

  2. Token Sent with Requests → The generated token is sent with each request to the API. This task can be performed in a variety of ways, such as in a header, a cookie, or as a parameter in the URL

  3. Token Verified → The API server checks the token to ensure that it is valid and not expired. It also checks the token to determine the user's identity and permissions

  4. Access Granted or Denied → If the token is valid and the user has the required permissions, the API server grants access to the requested resource. If the token is invalid or the user does not have the required permissions, access is denied

What are the Benefits of Token-Based Authentication?

  • Protection against CSRF Attacks: Cross-Site Request Forgery (CSRF) attacks occur when an attacker tricks a user into making a request on their behalf. By using tokens to authenticate requests, an attacker cannot forge a valid request without the corresponding token, making it much harder to perform CSRF attacks

  • Protection against Session Hijacking: Traditional session-based authentication relies on a session cookie to identify a user, which can be stolen by an attacker and used to hijack a session. Tokens, on the other hand, can be designed to expire after a certain amount of time or after a single use, making them less vulnerable to session hijacking

  • Improved scalability: Token-based authentication is stateless, which means that the server does not need to maintain any session state. This feature helps to scale the application by distributing the workload across multiple servers or by using a cloud-based infrastructure

  • Improved access control: Tokens can carry additional information, such as user roles or permissions, which can be used to enforce fine-grained access control policies and helps to control access to resources and data within the application

  • Improved auditing: Token-based authentication provides a clear audit trail of all the user requests, making it easier to monitor and detect unauthorized access attempts

Overall, token-based endpoint security provides a more secure and flexible approach to authentication and authorization, which can help to protect web applications against a range of security threats.


  Version Release Notes X9.1

 

 

Copyright © 2023 Entire OnHire