Chapter 2 GatherinG requirements • Authentication Consideration: a. You should always opt for two-factor authentication. There are multiple two-factor authentications. • Username / Password + one-time password (OTP). • Username / Password + RSA public key cryptography algorithm- based questions and answers. • Both: In this case, if the system finds an irregularity or unusual pattern during login, the system can trigger OTP and RSA questions after login; this eliminates vulnerability and provides high security. b. Number and password masking: You should mask the password and numbers, for example, mobile device number and account number. c. Cross-site request forgery (CSRF): is an attack that forces an end user to execute unwanted actions on a web application in which they are currently authenticated. You need to implement Open Web Application Security Project (OWASP) CSRFGuard; that would protect the application from CSRF attack. Table 2-17. Integrity User Story Name Integrity trigger DXp application should provide data integrity while retaining data interoperability between client and server. script as a product owner, i want to maintain the integrity of data while retaining data interoperability between client and server, so that the communication channel will be secured. tokens should be used and passed with data for transmitting information between client and server. acceptance DXp application provides data integrity while retaining data interoperability between Criteria client and server. 56