  • Universities of Applied Sciences
  • Jyväskylän ammattikorkeakoulu
  • Theses (Open collection)

Best Practices for Securing MERN Stack Applications: A Comprehensive Study of Authentication, Authorization and Data Protection

Chowdhury, Md Shahriar Nur (2024)

All rights reserved. This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
The permanent address of the publication is
https://urn.fi/URN:NBN:fi:amk-2024122037763
Abstract
With the increased importance of web applications in every field, the demand for security has risen, especially in frameworks like the MERN stack. This thesis covers the best practices for securing MERN stack applications, focusing on three critical areas: authentication, authorization, and data protection. The MERN stack, while offering exceptional flexibility, scalability, and efficiency, has its unique security challenges introduced by its layered architecture, which must be addressed to gain the trust of users and meet regulatory standards.
This study adopts a qualitative research methodology, which involves interviews with software developers and security experts from leading technology companies in Bangladesh. The results show some useful practices, such as the application of JWT (JSON Web Tokens) for authentication without sessions, RBAC (Role-Based Access Control) and ABAC (Attribute-Based Access Control) authorization methodologies, and the encryption algorithm AES (Advanced Encryption Standard) for secure data encryption and TLS (Transport Layer Security) for securing data in transit against sensitive data disclosure. The study also points out the importance of secure coding practices, vulnerability assessments, and adherence to global compliance frameworks like GDPR (General Data Protection Regulation) and CCPA (California Consumer Privacy Act).
Through an all-inclusive security framework relevant to MERN applications, this thesis offers applicable insights for developers in mitigating certain identified vulnerabilities and hardening their applications. The results underscore how critical it is to incorporate security throughout the software development life cycle in dealing with emerging cyber threats without compromising performance and user experience, which requires concentrated consideration and investment. The research also provides recommendations for the future, first among them investigating advanced attack vectors and the integration of AI-driven mechanisms for security.