
A Paranoid Coding To Secure A Web Application Programming Interface Case Study Of A Document Sharing Application

Posted on: 2021-05-14
Degree: Master
Type: Thesis
Country: China
Candidate: D E Traore Abdou
GTID: 2428330611499375
Subject: Computer Science and Technology
Abstract/Summary:
Week after week, without respite, systems remain under constant computer attack. These attacks, no doubt helped by increasingly sophisticated tools such as payloads and by the phenomenal computing capacity of current machines, are claiming victims and will continue to do so. The web, through e-commerce, digital marketing, online banking, teleconsultation and teleworking, concentrates most internet traffic and is in turn the privileged target of these malicious acts. Indeed, companies that guarantee the protection of their consumers' personal data sometimes fail to put even a basic security solution in place. This is why stolen personal data is sold every day on the dark web. And as if that were not enough, developers concerned with satisfying the customer faster by releasing an application in record time postpone security every time. Sometimes these designers do not have a strong culture of applying cryptography, or have little interest in it, which adds another layer of vulnerability that gives access to systems even without being a real insider. It is this bitter observation that pushed us to carry out this research, which leads us to build a web service that is not much more secure by applying solid cryptography algorithms like Salsa20 / ChaCha20 through SimpleBox and SecretBox. In this work, we have chosen to develop the entire application in Ruby, especially since the language is very well developed and has pretty good libraries and syntax for server-side coding. We have therefore chosen to encrypt all sensitive data fields to avoid exposing them in case attacks on the hosting servers take place. Finally, to make it a complete solution, we developed a Naive Bayes algorithm to detect suspicious requests on the different pages of the application. This choice of the Bayesian classifier is explained by the fact that its application is straightforward and that it has proven itself in many fields, such as email spam classification, the detection of bank card fraud, the classification of documents, etc. It also has the advantage of being applicable to both numerical and categorical data.
Keywords/Search Tags: Web service, Naïve Bayes, Security, Machine Learning, Cryptography