Hi David,
Sorry for the delayed reply. I for some reason did not see your email till
now. Thank you very much for weighing in and volunteering to document a
threats list. I too believe that is a good starting point and we might soon
have some others weighing in with their thoughts on the proper
architectural design.
Sharing your knowledge in both architecting a secure design in which to
connect via client/self-service APIs as well as your recommendations on
deployment architecture is gladly appreciated.
If you can share with me your Confluence ID for the Fineract Confluence, I
will give you the proper permissions so you can create the suggested page.
Thanks,
Ed
On Sun, Jan 6, 2019 at 2:34 AM David Yahalomi <[email protected]> wrote:
> Hello Fineracters,
>
> *TL;DR*: Let's start with a threats list and discuss each threat on its
> own and in composition.
>
> I'm David from Articode and I've recently started setting up a self service
> Fineract solution.
> In the past I've worked on developing a digital self service branch for the
> 2nd biggest bank in Israel. Their core used T24 by the Swiss company
> Temenos.
> I have recently been in contact with Ed and Fiter from the Fineract
> community, and I was asked by Ed to chime in on this thread.
>
> In my experience, making a secure self service mobile application has many
> concerns and requirements but most of those are addressed in deployment
> architecture and the creation of a good audit and session management tool.
>
> Is there a documented list of possible threats in having a self service
> mobile app?
>
> If not, I think it will be a great first step. I would gladly start one on
> the Confluence.
> Once curated, we can introduce various solutions to defend against any of
> those threats in various environments, but I think that the list is a
> mandatory step.
>
> Best,
> David
>
--
*Ed Cable*
President/CEO, Mifos Initiative
[email protected] | Skype: edcable | Mobile: +1.484.477.8649
*Collectively Creating a World of 3 Billion Maries | *http://mifos.org