- A typical web application architecture comprises of three tiers i.e. web, application and database
- Security at one tier is not enough as attacker can breach the security of another tier to compromise the application
- Design web application with defense-in-depth principle i.e. providing security at each tier of the web application
- A multi-tiered security include proper input validation, database layer abstraction, server configuration, proxies, web application firewalls, data encryption, OS hardening, and so on
Design Secure Application Architecture (Cont’d)
Applying multiple layer security in application architecture design makes application robust and secure
Module Summary
- Security negligence at design and architecture phase may lead to vulnerabilities that are most difficult to detect and expensive to fix in production
- Secure design of an application is more straightforward once the security requirements are identified
- Secure design principles are the state of practices or guidelines which should be enforced on the developers to follow during development phase
- Threat modeling is a process of identifying, analyzing, and mitigating the threats to the application
- A multiple tired security include proper input validation, database layer abstraction, server configuration, proxies, web application firewalls, data encryption, OS hardening, etc.
Cheng® 