Application Security Best Practices
A good way to think about security in an application is to picture it as an onion, with different layers of protection. The most important thing about any application is the data that it stores and processes. Considering this, the databases of an application must be designed to have the correct access and protection. However, securing the database is not enough to deliver a good solution, so you must also think about the security of the application itself, defining authentication and authorization for any user who will access it. Besides that, you need to understand that your application will probably use third-party components that must also be protected. Infrastructure also needs to be monitored and secured, and there are sophisticated ways to do so nowadays. Last, but not least, there are alternative solutions that can monitor our applications by intercepting the traffic that arrives at them, guaranteeing another layer of security...