A Developer’s Complete Guide to Filestack Security

App development can be an intense process. So much work goes into the different components of making a truly successful app and security is absolutely vital to the process. You need your data to be and stay secure. You need your users to be protected.

Malicious attacks are one of the great existential threats to developers. Data breaches, downtime and even minor frustrations to a user base can instantly degrade a brand. The last thing you want as a developer is to introduce a vulnerability that victimizes your own users. You need this protection at your fingertips, and you don’t necessarily have time to build it from scratch. Filestack is built with a host of security features that protect against almost every major source of danger. We’re going to cover the primary components of that security to help you organize your own approach to developing a secure app from the outset.

Filestack security permissions in your Dev Portal

Encryption

Encryption is a vital component of file upload security. Filestack security measures work tirelessly on two fronts. First, they protect all data in transit. This protection reduces the risk of anything being compromised during regular communications, and it is especially important when applied to user uploads. The second front is data at rest: when data is not in use, it is still encrypted. This creates a digital vault that protects key files at all times, and it is essential to defending against most kinds of intrusion and corruption that threaten every stage of app development, deployment and maintenance.

What matters most about Filestack encryption is that it is more than just an afterthought squeezed into the API. Since external tools aren’t required to encrypt or decrypt data, the risk of failure and complications is significantly reduced. This enables the encryption protocols to integrate seamlessly with the rest of Filestack security.

Encoding

Encoding is essential to many app functions, but it’s also important to consider it from a security standpoint. Filestack encoding transforms data so that it is harder for attacking systems to interpret. While the visible components of your app remain easily accessible to humans, the encoding obfuscates what might otherwise be exposed as vulnerabilities within the app. When this is built on top of core encryption, data is easily consumed by its intended recipients but is not easily reverse engineered into knowledge that could endanger your app, data, network or other systems.

Upload Protection

One of the most important reasons to have data encryption running is for a secure upload. Whether you’re uploading to a web server or a peer device, encrypting uploads helps secure the upload gateway. This is a common point of vulnerability that is exploited by malicious attacks, and when it isn’t secured, it can lead to ruin. Data theft, application downtime and the complete loss of trust in your brand that comes from both of these failures can spell doom for an app, and in extreme cases, the developer(s) behind that app.

Protecting the files you upload is important. Securing user uploads is even more valuable. Filestack authentication policies, which are Base64URL-encoded JSON documents signed with HMAC-SHA256, add to upload security. We have an overview that shows how the processing API handles authentication and contributes to a secure file upload process.

Filestack takes an additional measure to protect data when you upload. It utilizes network isolation to reduce vulnerabilities. It’s pretty obvious that you don’t want external parties accessing any data that you haven’t explicitly authorized. Network isolation creates additional barriers that restrict access to nodes that you don’t want involved in data transmissions. This extra layer keeps your static data completely segregated from the upload and reduces overall risk.

Last, and certainly not least, Filestack integrates virus detection into its defenses. This virus scan can be applied to all user uploads. With a proper workflow, you define the logic for handling flagged or malicious files. The automation makes it easy to manage problems before they escalate, protecting the rest of your data and systems while the malicious files are still in segregated storage.

Download Protection

A reliable, secure document upload is important, but it’s only half the battle. Download protection is best achieved through a multi-layered process. XSS protection keeps malicious scripts out of your web presence. Cross-site scripting lets attackers deface your website; even worse, it can be used to run scripts that harm your users. Filestack’s XSS security closes these vulnerabilities by sanitizing user inputs.

The policy structure gives you more control over how downloads are secured and processed. You can require authentication for every request and supply the policy and its signature as part of the request path, in the body of the request or via query parameters. More importantly, policies carry time limits, which narrow the window in which a leaked policy and signature could be misused.
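To make the policy mechanism from the two sections above concrete, here is an added example (not Filestack’s own code or SDK) of how a Base64URL-encoded JSON policy is signed with HMAC-SHA256 and how a server verifies it before honoring a request. The `expiry` and `call` fields mirror the names Filestack’s policy documentation uses; the secret, the sample policy values and the helper names are constructed for this illustration. The verifier checks the signature first, with a constant-time comparison, and only then trusts the policy’s contents, so an edited policy with a later expiry is rejected even though the original signature is still attached.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional, Tuple

# Constructed placeholder secret for the example; a real app secret is issued in the Dev Portal.
APP_SECRET = b"constructed-example-secret-not-a-real-key"


def encode_policy(policy: dict) -> str:
    """Serialize a policy dict as compact JSON and Base64URL-encode it."""
    raw = json.dumps(policy, separators=(",", ":"), sort_keys=True).encode("utf-8")
    return base64.urlsafe_b64encode(raw).decode("ascii")


def sign_policy(policy: dict, secret: bytes) -> Tuple[str, str]:
    """Return (policy_b64, signature): hex HMAC-SHA256 over the encoded policy string."""
    policy_b64 = encode_policy(policy)
    signature = hmac.new(secret, policy_b64.encode("ascii"), hashlib.sha256).hexdigest()
    return policy_b64, signature


def verify_policy(policy_b64: str, signature: str, secret: bytes,
                  now: Optional[float] = None) -> Optional[dict]:
    """Server-side check: return the policy only if the signature is valid and it has not expired."""
    expected = hmac.new(secret, policy_b64.encode("ascii"), hashlib.sha256).hexdigest()
    # Constant-time compare; nothing inside the policy is trusted until the MAC verifies.
    if not hmac.compare_digest(expected, signature):
        return None
    try:
        policy = json.loads(base64.urlsafe_b64decode(policy_b64))
    except ValueError:  # covers bad Base64 (binascii.Error) and bad JSON
        return None
    now = time.time() if now is None else now
    expiry = policy.get("expiry")
    if not isinstance(expiry, (int, float)) or expiry <= now:
        return None  # missing or past expiry: the timing window has closed
    return policy


def is_authorized(policy_b64: str, signature: str, secret: bytes, call: str,
                  now: Optional[float] = None) -> bool:
    """True only if the policy verifies and explicitly lists the requested call."""
    policy = verify_policy(policy_b64, signature, secret, now)
    return policy is not None and call in policy.get("call", [])


def tampered_copy(policy_b64: str, new_expiry: int) -> str:
    """Constructed tampering case: re-encode the policy with a later expiry, signature unchanged."""
    policy = json.loads(base64.urlsafe_b64decode(policy_b64))
    policy["expiry"] = new_expiry
    return encode_policy(policy)


if __name__ == "__main__":
    sample = {"expiry": 1_900_000_000, "call": ["read", "convert"]}  # constructed sample policy
    p, s = sign_policy(sample, APP_SECRET)
    print("read before expiry:   ", is_authorized(p, s, APP_SECRET, "read", now=1_800_000_000))
    print("write (not in policy):", is_authorized(p, s, APP_SECRET, "write", now=1_800_000_000))
    print("read after expiry:    ", is_authorized(p, s, APP_SECRET, "read", now=1_950_000_000))
    print("edited expiry, old sig:", is_authorized(tampered_copy(p, 2_000_000_000), s,
                                                   APP_SECRET, "read", now=1_950_000_000))
```

In a real deployment the policy and signature travel with the request (path, body or query string, as described above) and the secret never leaves the server; the `now` parameter exists only so the expiry check can be exercised deterministically.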

Domain Whitelisting

A crucial security measure for any web presence is domain whitelisting. On its surface, it’s a simple process of limiting which domains can access your API key. The concept has far-reaching impacts. Most web-based attacks are designed to access API keys. Whitelisting is a powerful approach to stopping requests before they can cause harm.

This is counter to traditional methods of security. Blacklists compile tables of known bad domains. Whitelisting flips that script: every domain must be explicitly added to the whitelist before it is allowed through. The mechanics eliminate the vast majority of threats before they can cause any harm.

Of course, whitelisting alone doesn’t stop everything. Spoofed domains could still penetrate this single line of defense, but the authentication, detection, network isolation and host of other security features built into Filestack are intended to stop all of that. It’s when everything works in harmonious concert that you get substantial protection that doesn’t come at the cost of functionality and efficiency.
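Filestack’s whitelist is configured in the Dev Portal, so the matching itself is not something you write. The added example below (not Filestack’s implementation) shows the kind of exact-origin matching a server-side allowlist check needs in order to honor the whitelist idea: a browser `Origin` value is canonicalized to scheme, host and port, and only an exact match counts. The allowlist entries and test origins are constructed; the point is that look-alike hosts, scheme downgrades and a host name smuggled into a query string all fall outside the list, which is the narrow class of spoofing a plain allowlist can refuse on its own.

```python
from typing import Optional
from urllib.parse import urlsplit

DEFAULT_PORTS = {"https": 443, "http": 80}

# Constructed allowlist of origins permitted to use the API key (scheme, host and port all matter).
ALLOWED_ORIGINS = frozenset({"https://app.example.com", "https://admin.example.com:8443"})


def canonical_origin(origin: str) -> Optional[str]:
    """Parse an Origin value into canonical scheme://host[:port]; None if it is not a clean origin."""
    try:
        parts = urlsplit(origin.strip())
        port = parts.port  # raises ValueError on a malformed port such as ':abc'
    except ValueError:
        return None
    host = parts.hostname  # lowercased by urlsplit
    if parts.scheme not in DEFAULT_PORTS or not host:
        return None
    # A real origin carries no path, query, fragment or credentials; anything extra is rejected.
    if parts.path not in ("", "/") or parts.query or parts.fragment or parts.username or parts.password:
        return None
    if port is None or port == DEFAULT_PORTS[parts.scheme]:
        return f"{parts.scheme}://{host}"
    return f"{parts.scheme}://{host}:{port}"


def origin_allowed(origin: Optional[str], allowed=ALLOWED_ORIGINS) -> bool:
    """Exact-match allowlist check; missing, 'null' and unparsable origins are denied."""
    if not origin:
        return False
    canon = canonical_origin(origin)
    return canon is not None and canon in allowed


if __name__ == "__main__":
    # Constructed sample Origin values, as they might arrive in request headers.
    for candidate in [
        "https://app.example.com",
        "HTTPS://APP.EXAMPLE.COM:443",       # same origin, different spelling
        "http://app.example.com",            # scheme downgrade
        "https://app.example.com.evil.test", # look-alike host
        "https://evil.test/?x=app.example.com",
        "https://admin.example.com",         # port mismatch with the allowlist entry
        "null",
    ]:
        print(f"{candidate!r}: {'allow' if origin_allowed(candidate) else 'deny'}")
```

Substring checks such as `"app.example.com" in origin` are the common shortcut this replaces; the first two candidates show why canonicalization is needed for legitimate traffic, and the rest show why exact matching is needed for everything else.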

Whether you want to learn more about removing viruses from an app or ways to keep your app secure, we have you covered. Take the time to get to know Filestack and everything we offer and see just how far we can go to help you develop the best and most secure applications. Take advantage of all of this and more by signing up for a free account today.
