IS Assignment


Assignment 3.

Information Security.
Spring 2021.

Instructor Ms. Ayesha Iftikhar

Student Name Mehdi Raza

CMSID 49620

Department BS- Information Technology

Semester 4th

Date 18-10-2021
IBM’s Low code/No code App security

IBM held a three-day online workshop in which they taught the basic terminology of App
Security

Workshop.

Over the three days of the session we learned about the topics discussed in the following
sections:

• Working of App ID.

• A low-code development platform is an app development platform that
allows you to create business and mobile apps with little to no coding skills.
• Such platforms use a graphical UI with minimal logic and drag-and-drop capabilities instead
of extensive lines of code.
• No-code development platforms allow you to create apps without writing a single
line of code.
• A no-code platform uses graphical user interfaces and configuration
rather than traditional programming languages.
• No-code platforms allow you to build more applications in less time. Because you don't
have to write long lines of code and the platforms offer many capabilities to automate
processes, you can build apps within days or maybe hours.
• Launch more and faster! You can also cut down the costs that you used to spend on
hiring more developers and using multiple other tools for development. These
platforms allow you to create smooth apps that can work across multiple
platforms and devices.
Hands On lab.

• Sign up for IBM Cloud.

• Enter your email and password.
• You receive a verification link at the registered email address to verify your account.
• Fill in the personal information fields.
• Log in to IBM Cloud.
• Create an instance of the App ID service.

• Download the Node.js sample single-page web application
• From Overview, click on Download sample and select Node.js.
Run the sample application locally.
• Confirm that your localhost URI, http://localhost:3000/, was added to the list of allowed
redirect URIs under Manage Authentication > Authentication Settings.

• Open a terminal, cmd, or Windows PowerShell and navigate to the sample folder. Run the
following commands to build and start the application

• Test User Authentication

• Open your application in the browser by pasting your localhost URL.
• Click on Login and you will be redirected to the login page.
• Enter your credentials and log in to your test app.
• Securing Spring Boot app with Low code/No Code
Download Sample Application.
• Download the sample app from the workshop's Git repository: click on Code and download the zip
file. Unzip the file to a path of your choice.

Add the App ID service configuration to the app and create scopes
• From the App ID Dashboard, select Applications in the left pane and click on add a new application.

• Give your application a name and define the scopes elevator.call, elevator.stop, and
elevator.service to represent the specific operations that the different roles can perform. Click
on Save.
• Creating Roles
• Now that App ID is configured, scopes are created, and we have the users that we need, let's
walk through creating roles. Create your roles by going to Roles and profiles > Roles > Create
role.

For our workshop we will create the roles Caller and Technician.

• Create role "Caller"

Give it the name Caller and add the scope "Elevator/elevator.call".

Securely Manage access to Application’s Sensitive Data on IBM Cloud

• Go to the Spring Initializr page and generate a Maven project with the default specifications. Click on
Generate to download the project. Unzip the file to a path of your choice.
• Add the App ID service configuration to the app.
From the App ID Dashboard, select Applications in the left pane and click on add a new application.

Click on “View credentials” to display the application credentials.

• Add the web redirect URL in App ID.

• Go to Manage Authentication > Authentication Settings and
add http://localhost:8080/login/oauth2/code/appid as your web redirect URL.

• Add the necessary dependencies to pom.xml

• Configure security

• Add the protected REST endpoints

• Add an HTML page to call the protected REST endpoints

• Build and run the app
• Build and run your app using the following commands:

mvn clean
mvn package spring-boot:run

• Create role "Technician"

Give it the name Technician and add the scopes "Elevator/elevator.call", "Elevator/elevator.stop",
"Elevator/elevator.service".
• Assigning Roles to Users.
• Assign the roles to specific application users by going to Roles and profiles > User
profiles. Then choose the user that you want to assign the role to and select from the available
roles to assign.
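
The effect of the Caller and Technician roles on a backend can be shown with a short added example (not part of the workshop material or IBM's sample code). It assumes hypothetical route names, constructed users, and that the access token's signature, issuer, audience and expiry have already been verified, so only the scope decision is shown.

```javascript
// Role-to-scope mapping as defined in the workshop steps above.
const ROLE_SCOPES = new Map([
  ["Caller", ["elevator.call"]],
  ["Technician", ["elevator.call", "elevator.stop", "elevator.service"]],
]);

// Hypothetical backend routes and the single scope each one requires.
const ROUTE_SCOPE = new Map([
  ["POST /elevator/call", "elevator.call"],
  ["POST /elevator/stop", "elevator.stop"],
  ["POST /elevator/service", "elevator.service"],
]);

// Effective scopes are the union over every role assigned to the user.
// Unknown role names contribute nothing instead of throwing.
function scopesForRoles(roles) {
  const scopes = new Set();
  for (const role of roles) {
    for (const s of ROLE_SCOPES.get(role) || []) scopes.add(s);
  }
  return [...scopes];
}

// Constructed claims object (not a real token): OAuth 2.0 carries scopes
// as one space-separated string in the "scope" claim.
function claimsFor(sub, roles) {
  return { sub, scope: ["openid", ...scopesForRoles(roles)].join(" ") };
}

// Decide the HTTP status for a request. Assumes the token signature,
// issuer, audience and expiry were already verified upstream.
function authorize(claims, route) {
  const required = ROUTE_SCOPE.get(route);
  if (!required) return 404; // unlisted route: deny by default
  if (!claims || typeof claims.scope !== "string") return 401; // no usable token
  // Compare whole scope names; a substring match would over-grant.
  const granted = new Set(claims.scope.split(/\s+/).filter(Boolean));
  return granted.has(required) ? 200 : 403; // 403: authenticated, not permitted
}

// Constructed sample users, one per role.
const caller = claimsFor("user-caller", ["Caller"]);
const technician = claimsFor("user-tech", ["Technician"]);
for (const route of ROUTE_SCOPE.keys()) {
  console.log(route, "caller:", authorize(caller, route),
              "technician:", authorize(technician, route));
}
```

A Caller is allowed only the call operation and receives 403 on stop and service, while a Technician is allowed all three.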

• Build and run your application.

We built and ran both "Elevators-backend" and "Elevators-app" for our app to run successfully.

npm install
npm start


Our Overall Learnings.
From the three-day IBM Low Code/No Code application security session I learned many things,
some of which are listed below.

• Introduction to low code/no code application security.

• Importance of adopting security.

• Introduction, working and benefits of App ID.

• Using App ID to manage user permissions to application resources.

• Authentication and authorization.

The End.
