Building a Secure Demo Banking App [Part 1]
Source: Dev.to
Introduction
When building software projects or applications, it is important to be aware of how quickly technology evolves. Development tools and programming languages often receive updates roughly every six months, so staying current with newer versions is essential to avoid falling behind.
However, regardless of how fast technology changes, the foundational core concepts of software development remain largely the same. With the rise of AI, generic and simple software projects—such as basic CRUD apps—no longer provide the substantial value that software engineers seek in terms of knowledge and critical thinking. To build something powerful and reliable, a project should follow best coding and security practices throughout every phase of the development cycle.
Why the Demo Banking App project?
I decided to build a fintech‑related demo application for several reasons:
- It deepens my skills in the full‑stack technologies most commonly used in fintech.
- It represents a substantial software application for my portfolio that can be showcased publicly. I refer to the entire planning, development, and deployment process as “The Golden Project,” because it covers almost all aspects of planning, coding structure, security, architectural and design patterns, as well as CI/CD.
The application will be called “Demo Banking App.” I plan to document each important feature and component to reinforce my understanding and adapt my approach as roadblocks arise throughout the build.
Project Goals & Scope
The first version of the Demo Banking App will include the following features:
- User registration and authentication
- User profile
- Account dashboard
- Transaction history
- Payments
- Notifications
- Fraud‑screening
Technology Stack
When selecting the stack, I considered relevance and usage in real‑world fintech apps, my previous experience with the technologies, and today’s software best practices.
- Frontend: React, TypeScript, Tailwind CSS
- Backend: Spring Boot
- Database: PostgreSQL
- Authentication: OAuth2 / OpenID Connect
- Observability: Prometheus, Grafana, OpenTelemetry, Elasticsearch
Architecture
The architecture pattern applied is based on microservices and the Saga Pattern. This choice addresses project complexity, ensuring scalability and smooth handling of all transactions—simulating a real‑world banking application.
Security from the Beginning
Even though this is a demo banking application, applying best security practices is crucial. For version #1, the following measures are included:
- Using environment variables for secrets and configuration instead of hard‑coded plain‑text values
- CORS restrictions
- Rate limiting on login routes
- Input validation
- Password encryption
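An added example (not the Demo Banking App's own code) of how the "Rate limiting on login routes" item can be realized in the Spring Boot backend: a servlet filter that counts login POSTs per client address and rejects the excess with 429. It assumes Spring Boot 3 (jakarta.servlet imports), a login route at /api/auth/login and a limit of 5 attempts per minute; the path and limit are placeholders.

```java
import java.io.IOException;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;

import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;

/**
 * Fixed-window limiter for the login route: at most LIMIT POST requests to
 * LOGIN_PATH per client IP per minute. As a @Component it joins the servlet
 * filter chain; shouldNotFilter narrows it to the login route only.
 * LOGIN_PATH and LIMIT are placeholder values chosen for this example.
 */
@Component
public class LoginRateLimitFilter extends OncePerRequestFilter {
    private static final int LIMIT = 5;
    private static final String LOGIN_PATH = "/api/auth/login";
    // client IP -> {window start as epoch minute, attempts seen in that window}
    private final Map<String, long[]> windows = new ConcurrentHashMap<>();

    @Override
    protected boolean shouldNotFilter(HttpServletRequest req) {
        return !("POST".equals(req.getMethod()) && LOGIN_PATH.equals(req.getRequestURI()));
    }

    @Override
    protected void doFilterInternal(HttpServletRequest req, HttpServletResponse res,
                                    FilterChain chain) throws ServletException, IOException {
        long minute = System.currentTimeMillis() / 60_000;
        // getRemoteAddr is the socket peer; behind a reverse proxy, resolve the real
        // client address from a proxy header you control before keying on it.
        long[] w = windows.compute(req.getRemoteAddr(), (ip, cur) ->
                (cur == null || cur[0] != minute) ? new long[]{minute, 1}
                                                   : new long[]{minute, cur[1] + 1});
        if (w[1] > LIMIT) {
            res.setStatus(429);                  // Too Many Requests
            res.setHeader("Retry-After", "60");  // seconds until the window resets
            return;                              // never reaches the authentication filter
        }
        chain.doFilter(req, res);
    }
    // Note: entries are never evicted here; a real deployment would expire stale
    // windows or back the counters with a shared store so all instances agree.
}
```

Because the state is in-process memory, each backend instance counts independently; with several instances behind a load balancer the effective limit is multiplied unless the counters move to a shared store.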
Logo and Colors
I designed the logo of the Demo Banking App in a minimalist style to emphasize simplicity while maintaining a realistic corporate feel. The color scheme, intended for use throughout the app, was inspired by a German neobank.