Strengthening Security in MERN Stack Applications: An In-Depth Exploration of Authentication, Access Control and Data Safeguarding
Haque, A K M Mahmudul (2025)
All rights reserved. This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
The permanent address of the publication is
https://urn.fi/URN:NBN:fi:amk-2025120131173
Abstract
The widespread adoption of the MERN technology stack by Small and Medium-sized Enterprises (SMEs) in developing countries like Bangladesh has exposed a critical gap between rapid software development and robust cybersecurity practices. Inherent risks within the JavaScript ecosystem, combined with significant organisational constraints such as limited budgets and skills gaps, were identified as key challenges to securing web applications. A study was therefore undertaken to investigate the lived experiences of practitioners and to develop a practical framework for improving security. The primary objectives were to identify common vulnerabilities in dependency management and access control, explore current security practices, and analyse the socio-technical factors influencing security adoption. A qualitative, interpretivist methodology was utilised for this purpose. In-depth, semi-structured interviews were conducted with 20 software developers, team leads, and managers from eight Bangladeshi SMEs, and the resulting data were systematically analysed using thematic analysis. The findings revealed a distinct spectrum of security maturity across the firms. It was discovered that practices in both software supply chain management and data safeguarding ranged from reactive and ad-hoc to highly formalised and proactive. The key determinant of a firm's maturity level was found to be its organisational culture and the perception of security as either a technical cost or a core business enabler. From this analysis, a MERN Security Maturity Model for SMEs was developed. This three-tiered framework provides a context-aware, incremental roadmap for assessing and enhancing security. It was concluded that effective security in this context is contingent on solutions that are aligned with the practical operational realities of the organisations.


