Duration

06.2024 – 07.2024

Technologies

React Native, Apollo Client, GraphQL, i18next, react-native-biometrics, rn-secure-storage, NestJS, Apollo Server, Helmet, MongoDB, TypeORM, Azure CLI, azure/keyvault-secrets

Business solutions

  • Enhanced security through the removal of sensitive information from .env files and integration with Azure Key Vault for secure key and secret management.
  • Improved user authentication with the addition of FaceID, TouchID, and biometric options.
  • Optimized performance with request throttling and automated user logout after inactivity.
  • Provided comprehensive documentation and onboarding for developers to use Azure Key Vault and manage key rotation.
  • Ensured ongoing security and performance with regular vulnerability checks and resource optimization.

Development Process

  • Developed a technical design document outlining future changes.
  • Implemented rate limiting and throttling mechanisms.
  • Migrated keys and secrets to Azure Key Vault and provided developer documentation.
  • Added biometric authentication options and updated data models.
  • Implemented automatic logout and conducted performance reviews.
  • Performed vulnerability checks in the CI/CD pipeline and rotated keys with accompanying documentation.
  • Conducted infrastructure access log audits and optimized resource usage by unsubscribing from inactive services.

Roadmap

Technical Design and Security Enhancements

06.2024 - 06.2024
  • Develop a technical design document outlining future changes.
  • Integrate Helmet for web security and implement throttling to manage request rates.

Key Management and Authentication Improvements

06.2024 - 06.2024
  • Migrate all keys and secrets from .env files to Azure Key Vault for enhanced security and easier key rotation.
  • Provide onboarding documentation for using Azure Key Vault.
  • Implement FaceID, TouchID, and biometric authentication options.

System Updates and Monitoring

06.2024 - 07.2024
  • Update data models in the database and server to support new authorization methods.
  • Implement automatic user logout after inactivity.
  • Perform vulnerability checks during the CI/CD process and rotate keys with accompanying documentation.

Performance Review and Resource Optimization

07.2024 - 07.2024
  • Conduct an audit of infrastructure access logs.
  • Perform a performance review to ensure no issues post-changes.
  • Unsubscribe from inactive services to optimize resource usage.

Main Functionality

Biometric Authentication:

Users can log in using phone or email authorization, with an option for biometric authentication (FaceID or TouchID) to streamline the login process. Successful biometric authentication directs users to the main screen.

Security Settings:

From the main screen, users can access security settings to enable or disable biometric authentication as per their preference.

Secure Data Storage:

Replaced native asynchronous storage with the Secure Storage library to ensure secure handling of sensitive and personal data, including phone numbers, names, addresses, and authorization tokens.

Server Security and Key Management:

Implemented Helmet to address known web vulnerabilities and applied rate limiting to protect against DoS attacks. Moved development variables from .env files to Azure Key Vault to enhance security and prevent leaks of sensitive information.
