Building Corporate Work Solidarity with Family Gathering

In the current era of Industry 4.0, more and more digital-based startups are emerging, and their businesses require reliable technology: technology that can be accessed across geographies without time limitations and that can manage very large amounts of data to be processed into information and knowledge.

However, many of these startups have yet to pay special attention to digital security, especially in applications. This is due to limited knowledge of threats and types of security, or because they still prioritize business needs. For this reason, Neuronworks team members held a Family Gathering sharing session on application security on the 4th floor of the Neuronworks Bandung office on January 30, 2020. The purpose of this Family Gathering was to convey 4 important points that must be considered to protect applications from various attacks and external threats:

1. Security Awareness

A form of awareness of system security that covers:

  • The security of the information system and its level of security
  • The importance of system security and the consequences of system security weaknesses
  • Individual responsibility for the security of information systems and actions to secure information systems

2. Secure Coding

Code written with the aim of protecting against vulnerabilities to outside attacks. The types of attacks and weaknesses that often appear are:

  • SQL Injection
  • Cross-Site Scripting (XSS) attacks
  • Vulnerabilities in authentication and session management
  • Insecure direct object reference (IDOR)
  • Sensitive data exposure
  • Missing function-level access control
  • Cross-site request forgery (CSRF)
  • Brute force attack
  • Malicious file uploads
  • Session hijacking

3. Penetration Test

A method for evaluating the security of a system or network belonging to a particular organization or company. The evaluation is carried out by simulating an attack to find weaknesses in the network system. The objectives of the penetration test itself include:

  • Examine application and server pages to identify security gaps as well as potential vulnerabilities.
  • Assess the extent to which application security measures are able to protect the system.
  • Demonstrate a commitment to due diligence and compliance with customer regulations.
  • Avoid loss of consumer trust and business reputation.
  • Save budget, effort and thought.

4. Recommendation

The recommendations here are suggestions that must be carried out so that the security of our application is well maintained. Several measures can be applied:

  • Use a unique name for the admin folder.
  • Hide error messages so they don't reveal sensitive information.
  • Apply validation to forms to ensure the data entered is up to standard.
  • Use complex and unpredictable passwords to improve security.
