Simple Simon is a software technology company whose main product is a digital work order application that can create and plan work orders. The application also has several features that can optimize the workflow and time registration of Simple Simon's clients, provide automatic notifications, speed up business processes, reduce errors, and communicate with customers.
This internship assignment started with the company wanting to create a new integration with a new ERP service that had business prospects to expand its market share. Simple Simon also wants to improve its system environment by having generic integrations and improving integration security. The problem is that each ERP API endpoint has a different method of getting and pushing data, even though the data synchronized from each ERP is mostly the same. As a result, creating and maintaining the integrations takes a long time because of the diversity of requirements of each API endpoint.
During the internship, the intern held discussions with the CEO to learn more about Simple Simon, the assignment, and the current situation. The intern also held discussions with the ICT team to learn more about the technical side of integration. The intern researched and reviewed the integration flows and found security vulnerabilities. The intern found three protocols that are widely used by companies as their security standards, namely OpenID, Kerberos, and SAML. The intern compared the three protocols and found that OpenID supports the needs of the company more than the other two.
To improve web application security, the intern highly recommends that Simple Simon use the OWASP Top Ten web application risks as a security standard, because OWASP provides a list of frequently occurring attacks on web applications. The list comes from security experts and a global survey by the OWASP organization. The standard has best practices for preventing attacks and guidance for developers. In addition, for future development, the intern highly recommends that Simple Simon implement the Enterprise Architecture framework. This framework can provide best practices and principles to achieve business goals.