Security Issues
Identify sensitive information kept by your software. Explain how you plan to protect it. Identify possible attack vectors, that is, ways malicious users could try to use your software to escalate their privileges. This includes root access to your server, access to other users' sensitive information (say via XSS attacks), root access to your database, etc. Explain protection plan
The app is going to store user credentials such as a username, password, and credit/debit card information. The plan is to encrypt all user data across the platform, primarily credit/debit card information. We are going to use a symmetric encryption method. We are also going to use the Stripe API to process all payments; it is a large and secure API that we can trust. Users will be required to meet certain password requirements to ensure safety from brute-force attacks.
When it comes to potential attacks a malicious user could execute, the first that comes to mind is phishing. We intend to educate users about phishing so they can avoid falling for it. If someone were to gain root access to the server, they would be able to plant bugs within the software and could decrypt users' credit/debit card information. To protect against this, we could implement some sort of monitoring system to alert me and the other developers in the event of a suspicious attempt to damage the system. Certain actions are going to require a certain level of authority within the system, so only admins could change source code. In the event an admin's credentials were stolen, we will have a backup of the software and will alert any users who might have had information stolen.
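One way the symmetric encryption planned above could look for a single stored field, as an added example that is not this project's code. It assumes Node.js and AES-256-GCM (the page does not name a cipher); the function names, the `v1` record layout and the `user:42:billing` context string are hypothetical.

```javascript
// Added example: field-level authenticated encryption with Node's built-in crypto.
const crypto = require('node:crypto');

// Assumption: a real deployment loads this key from a secrets store kept apart
// from the database, so a database dump alone is not enough to decrypt.
function newKey() {
  return crypto.randomBytes(32); // 256-bit key
}

// Encrypt one field. `context` names the row the value belongs to and is bound
// as additional authenticated data, so a ciphertext moved to another user's
// row fails verification instead of decrypting.
function encryptField(key, plaintext, context) {
  const iv = crypto.randomBytes(12); // fresh 96-bit nonce for every encryption
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(context, 'utf8'));
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const tag = cipher.getAuthTag();
  // Stored form: version.iv.tag.ciphertext (base64 parts, '.' separated)
  return ['v1', iv.toString('base64'), tag.toString('base64'), ct.toString('base64')].join('.');
}

// Decrypt one field; throws if the record was altered, the context differs,
// or the key is wrong.
function decryptField(key, stored, context) {
  const [version, ivB64, tagB64, ctB64] = stored.split('.');
  if (version !== 'v1' || !ivB64 || !tagB64 || ctB64 === undefined) {
    throw new Error('unsupported or malformed record');
  }
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, Buffer.from(ivB64, 'base64'));
  decipher.setAAD(Buffer.from(context, 'utf8'));
  decipher.setAuthTag(Buffer.from(tagB64, 'base64'));
  const pt = Buffer.concat([decipher.update(Buffer.from(ctB64, 'base64')), decipher.final()]);
  return pt.toString('utf8');
}

// Convenience check for monitoring: false means the record failed authentication.
function canDecrypt(key, stored, context) {
  try {
    decryptField(key, stored, context);
    return true;
  } catch {
    return false;
  }
}
```

A `false` from `canDecrypt` on a stored record is the kind of event the monitoring system described above could alert on.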