Applications and services
Applications and the data associated with them act as the primary store of business value on a cloud platform. Applications can play a role in risks to the business because:
- Business processes are encapsulated and executed by applications and services, which need to be available and to run with high integrity.
- Business data is stored and processed by application workloads and requires high assurances of confidentiality, integrity, and availability.
In this section
| Assessment | Description |
|---|---|
| What aspects of the application do you need to protect? | Understanding the hosting models and the security responsibility. |
| Does the organization identify the highest severity threats to this workload through threat modeling? | Identify risks to the application and risks it may pose to your enterprise through threat modeling. |
| Do you have any regulatory or governance requirements? | Guidance on standards published by law, authorities, and regulators. |
| Are you exposing information through exception handling or HTTP headers? | Consider the way you store secrets and handle exceptions. Here are some considerations. |
| Are the frameworks and libraries used by the application secure? | Evaluate frameworks and libraries used by the application and the resulting vulnerabilities. |
See these best practices related to PaaS applications.
Secure the communication paths between applications and the services they depend on. Make sure that there's a clear distinction between endpoints exposed to the public internet and private ones, and that the public endpoints are protected with a web application firewall.