05 Security issue of No-code Solutions? We Solved This Way!

SyncTree allows you to quickly and easily build a highly secure backend with Nocode.

Security is important in all industries, but it is especially sensitive in the financial sector.

One minor mistake can not only leak customer information but also cause damage to valuable assets.

SyncTree allows you to quickly and easily build a highly secure backend with Nocode.

Thanks to this, large domestic financial companies such as KB Kookmin Bank, KB Securities, National Nonghyup Bank, and Heungkuk Fire & Marine Insurance, and, of course, even global insurance companies such as AIG, AIA, and ABL are developing and managing their backends with SyncTree.

Although,

The degree and necessity of security required varies from company to company.

Accordingly, we discovered potential security issues and resolved them as follows so that more companies can use SyncTree more safely!

Key Upgrade Details

Upgrade 1 - App Scan

Outline

Upgraded security issues that require supplementation in app scans for a total of 4 services: Studio, API Portal Admin/User, and Runtime

Details

• SSL Chiper Suites related pass

• Non-existent domain link pass

• Insecure or incorrect cookie pass.

• Invalid account lockout issue pass

• Address other security issues

Upgrade 2 - Penetration Testing

Outline

Studio, API Portal Admin/User Upgraded mock hacking supplements for a total of 3 services

Details

• Passes all various security vulnerabilities such as account-related authentication login

• Pass everything, including encrypted storage of important information

• Custom page error handling for error pages while in use.

• Address other security issues

Upgrade 3 - Infrastructure Security Assessment

​Outline

Upgrade of DB and infrastructure supplements

Details

1. DB

• Account permission setup pass

• Logging Management Pass

• Pass using default port

• Address other security issues

2. Infrastructure

• Administrative directory permissions set pass.

• Configuration file permission settings pass

• Pass log format settings

• Log storage cycle pass

• Pass settings for comprehensive handling of error codes

• Address other security issues

Backend development & operation, solve it more safely and simply with SyncTree!

Keywords
Related Posts
TECH

Retrospect of Improving Runtime Performance for SyncTree 4.0 Update

We will review the efforts we have made to improve SyncTree Runtime performance and optimize the resources required for operation.
July 31, 2023
NEWS

Nocode & AI Development Competition: Syncathon (Apply Now!⏰)

Apply Now!⏰ Create anything you want with Nocode blocks
June 2, 2023
TECH

[SyncTree Dynamic URL Feature Introduction Retrospective] Part 2. This Is The Reality of Routing Implementation!

Part 2 shows the actual progress and final code of Dynamic URL-related tasks and tries to apply the theory.
August 28, 2023