My first “real-world” application

As the shoddy splash screen seen here reflects, I was very young and inexperienced when I was offered the opportunity to help out a local startup.

Before I had even finished high school I was tasked with developing a prototype app which would manage a patient database. One of the very few programming languages I knew at the time was Visual Basic (.NET 2.0!) and the application was only going to be run on Windows so things worked out well.

I met with the CEO of the small business and we discussed what he would need the application to do as I took notes on my laptop. He said the product needed to include HIPAA-protected information such as patient symptoms, first and last names, letters of denial, etc.

Although I made the mistake of sending patient information through an unprotected HTTP GET request, the server side of things did protect sensitive information with AES (256-bit key) encryption before storing the blob in a MySQL database. This issue could be resolved by upgrading the server to HTTPS and further dealt with by using POST instead of GET requests and encrypting the parameters with the server's public key before sending.

Other mistakes I made during this learning process include not properly vetting server requests, meaning anybody could alter and view some things that they shouldn’t have been able to. This could be fixed by creating an access control list on the server and having the client send a PRNG token initialized at login for each and every request.

After just a few weeks of working on the project I was told that there were some security concerns and I agreed with them. I stopped working on the app but never stopped learning about encryption, UI design, the .NET framework, and building backend tools to help get things done.