Securing Open Banking with Model-View-Controller Architecture and OWASP

In 2015, the European Union passed PSD2 regulation, with aim of transferring ownership bank accounts to private person. As a result, Open Banking has become an emerging concept, which provides third-party financial service providers open access APIs, including consumer banking, transaction, and other data. However, such openness may also incur many security issues, especially when data can be exposed by API third party. Focused on this challenge, primary goal work is develop one innovative web solution market. We advocate that should able trigger transactions based goals actions, allowing users save up money while encouraging positive habits. particular, we propose architectural model ensures clear separation concern easy integration Nordea’s (the largest in Nordics) APIs (sandbox version), technological stack microframework Flask, cloud application platform Heroku, persistent storage layer using Postgres. analyze map application’s threats determine whether or not frame provide suitable level, OWASP Top 10 threat modelling methodology. The results indicate these measures are either handled automatically components offered technical easily preventable through included packages Flask Framework. Our findings support future developers industries working applications for towards improving choosing right frameworks considering most important vulnerabilities.