Securing Open Banking with Model-View-Controller Architecture and OWASP

Deina Kellezi, Christian Bøgelund, Weizhi Meng

Research output: Contribution to journal › Journal article › peer-review


Abstract

In 2015, the European Union passed the PSD2 regulation, with the aim of transferring ownership of bank account data to the private person. As a result, Open Banking has become an emerging concept, which gives third-party financial service providers open access to bank APIs, including consumer banking, transaction, and other financial data. However, such openness may also incur many security issues, especially when the data can be exposed by an API to a third party. Focused on this challenge, the primary goal of this work is to develop one innovative web solution for the market. We advocate that the solution should be able to trigger transactions based on goals and actions, allowing users to save up money while encouraging positive habits. In particular, we propose a solution with an architectural model that ensures a clear separation of concerns and easy integration with the Open Banking APIs (sandbox version) of Nordea, the largest bank in the Nordics, and a technological stack consisting of the microframework Flask, the cloud application platform Heroku, and a persistent data storage layer using Postgres. We analyze and map the web application's security threats and determine whether or not the technological frame can provide a suitable security level, based on the OWASP Top 10 threats and threat modelling methodology. The results indicate that many of these security measures are either handled automatically by the components offered by the technical stack or are easily preventable through included packages of the Flask framework. Our findings can support future developers and industries working with web applications for Open Banking towards improving security by choosing the right frameworks and considering the most important vulnerabilities.
Original language: English
Article number: 8028073
Journal: Wireless Communications and Mobile Computing
Volume: 2021
Number of pages: 13
ISSN: 1530-8669
Publication status: Published - 2021
