4 Important Points in Maintaining Application Security

In the current era of Industry 4.0, more and more digital-based startups are emerging, with businesses that depend on reliable technology: technology that can be accessed from any location at any time and that can manage very large amounts of data to be processed into information and knowledge.

However, not many startups pay special attention to digital security, especially application security. This is due to limited knowledge of threats and types of security, or because they still prioritize business needs. For this reason, Neuronworks team members held a sharing session on maintaining application security on the 4th floor of the Neuronworks Bandung office on January 30, 2020. There are 4 important points that must be considered to protect applications from attacks and external threats:

1. Security Awareness

Awareness of system security, with attention to:

  • Digital information protection and management of the level of security in information systems.
  • The urgency of maintaining system security and the impact that can occur due to loopholes or vulnerabilities in the system.
  • The role of individuals in maintaining data security as well as the steps that must be taken to protect information systems.
2. Secure Coding

Code written to protect the application against vulnerabilities exploited by outside attacks. The types of attacks and weaknesses that often appear are:

  • SQL Injection
  • Cross-Site Scripting (XSS) Attacks
  • Vulnerabilities in authentication and session management
  • Insecure direct object reference (IDOR)
  • Sensitive data exposure
  • Missing access control at the function level
  • Cross-site request forgery (CSRF)
  • Brute force attack
  • Malicious file uploads
  • Session Hijacking
3. Penetration Test

A method for evaluating the security of a system or network belonging to an organization or company. The evaluation is carried out by simulating an attack to find weaknesses in the system or network. The objectives of a penetration test include:

  • Examine application and server pages to identify security gaps as well as potential vulnerabilities.
  • Assess the extent to which application security measures are able to protect the system.
  • Demonstrate a commitment to due diligence and compliance with customer regulations.
  • Prevent losses in the form of lost user trust and negative impact on the company's reputation.
  • Optimize the budget, time, and resources used.
4. Recommendation

These recommendations are steps that must be carried out so that the security of our application is well maintained. They include:

  • Use a unique name for the admin folder.
  • Hide error messages so they don't reveal sensitive information.
  • Apply validation to forms to ensure the data entered is up to standard.
  • Use complex and unpredictable passwords to improve security.
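
The form-validation and error-hiding recommendations above, combined with a parameterized query against the SQL injection item in the Secure Coding list, shown as an added example that is not from the original article. The table, field names, validation rule and error text are constructed for illustration.

```python
import logging
import re
import sqlite3
import uuid

log = logging.getLogger("app")
# Constructed validation rule and message for a hypothetical account-lookup form.
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{3,32}")
GENERIC_ERROR = "The request could not be processed."


def make_db():
    """Build an in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, email TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 'alice@example.test')")
    db.execute("INSERT INTO users VALUES ('bob', 'bob@example.test')")
    return db


def validate_form(form):
    """Return a list of field errors; an empty list means the form is valid."""
    errors = []
    username = form.get("username")
    if not isinstance(username, str) or not USERNAME_RE.fullmatch(username):
        errors.append("username: 3-32 letters, digits or underscores")
    return errors


def lookup_user(db, form):
    """Handle the form: validate, query with bound parameters, hide internals."""
    errors = validate_form(form)
    if errors:
        return {"status": 400, "errors": errors}
    try:
        # The value is bound as a parameter, never concatenated into the SQL.
        row = db.execute(
            "SELECT username, email FROM users WHERE username = ?",
            (form["username"],),
        ).fetchone()
    except sqlite3.Error:
        # Full details go to the server log; the client sees only a reference.
        ref = uuid.uuid4().hex[:8]
        log.exception("lookup failed ref=%s", ref)
        return {"status": 500, "error": GENERIC_ERROR, "ref": ref}
    if row is None:
        return {"status": 404, "error": "No such user."}
    return {"status": 200, "user": {"username": row[0], "email": row[1]}}
```

The reference id in the 500 response lets support staff find the full stack trace in the server log without the client ever seeing table names or SQL text.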
