
Saturday, February 18, 2017

Application Security Principles

If you are using the cloud to power your web or mobile applications, then understanding security is a key aspect of delivering a good business application.

The security principles are summarized below:

1. Data in Transit protection
Consumer data transiting networks should be adequately protected against tampering and eavesdropping. This can be done with encryption using SSL certificates, combined with network protection tools such as VPNs.

2. Asset protection
The assets storing or processing the data should be protected against physical tampering, loss and damage. Limited access at the cloud provider, key-based authentication to secure that access, storing data in encrypted format and backing up data can be used.

3. Separation Between Consumers
One malicious or compromised consumer should be prevented from affecting the service or data of another. This can be done by interval user profiling, authentication and a database where each consumer is provided limited access to their own account and data.



4. Operational Security
Operational security is required and can be implemented with proper processes and by logging the activities performed by users.

5. Secure Development
Secure development is required to make the application secure by removing its vulnerabilities. Regular code scans should be performed during the testing phase.

6. Secure Consumer Management
The management of consumers should be secure, with proper logging, password storage, password expiration and password change policies.

7. Identity and Authentication
Establishing the identity of each user, mapping individual access rights to that identity, and authenticating the user to the application are required.

8. External Interface Protection
The interface should be protected against any malicious changes that result in information being shared. This can be achieved by tracking any changes in the web application, with proper monitoring and analysis of logs and events.

