Banking API Security

Company

Project

Technology Stack

• JSON Web Token (JWT)
• Security Assertion Markup Language (SAML)
• Node.js
• MongoDB
• API Security, Design and Development

Goals

• Enhance API security with an ability to test and deploy faster.
• Fix the existing security vulnerabilities related to Access Control, missing error handling, data exposure on browser console, Plaintext password and others.
• Implement SAML integration to standardise authentication of Bank employees across multiple Service Providers.
• Lead the team of engineers, train them, perform code reviews and federate the knowledge on web application security.

The Approach

• Introduced and implemented JSON Web Token (JWT) to authenticate APIs exposed to the Banks.
• Implemented authentication via SAML integration(Security Assertion Markup Language) and configured Deal Manager web application as a Service Provider.
• Worked with the banks to identify all use cases and the respective workflows for each API.
• Re-designed and refactored legacy code for bank mortgage feature.
• Created learning materials in the form of videos and detailed design documentations to build awareness within the team on web application security.
• Collaborated with remote teams and performed code reviews for team members.
• Worked with an external penetration testing vendor and fixed the bugs. Prevented the exposure of data via browser console that was logging sensitive information.
• Introduced role based access to the application, and added restrictive MongoDB queries to prevent data attacks.

The Results

• Introduced and implemented a robust security solution for Nomis.
• Two Nomis customers renewed their 3 year contract, that resulted in revenue increase for the company.