Start of main content
Alexey will talk about a financial accounting application for small and medium businesses. It allows to manage sales, expenses, plan future payments and analyze the company's financial state with the help of dashboards.
When designing the application there was a great emphasis on data security, to exclude the external impact not only on the backend, but also on the frontend.
In a comparative analysis of analogues, only 3 out of 15 Russian and foreign services provide data encryption, but not at all stages of information transfer. The most common ways for attackers to obtain user data from the outside are XSS, CSRF and bruteforce attacks. Basic frontend actions are authentication and two-factor protection. But how to further secure the storage, transmission and handling of data?
Based on personal experience, the speaker will tell how to completely lock the data from the system, so that only the user has access, so that the calculations are performed on the server and so that it is possible to use mathematical methods on top of the encrypted data. How to organize the architecture so that the encryption does not affect the main thread? What are the nuances to consider and how to deal with them? All this will be covered in this talk.
The basic architecture is built on a mix of React x Redux x TypeScript.
Encryption algorithms: RSA, AES, Paillier cryptosystem.
For architecture organization: RxJS, Web Worker, Web Assembly.
Target audience: JS developers and anyone interested in security and encryption.