What's the topic?

What Information About The Application Architecture Needs To Be Collected For AppSec Purposes?

Thu, 25. Feb. 2021, 11:45 - 12:30

The microservice architecture is increasingly used for designing and implementing application systems in both cloud-based and on-premise infrastructures. Many security challenges need to be addressed in the application design and implementation phases, e.g. threat modeling and enforcement of the principle of least privilege, data leakage analysis, and attack surface analysis. To address some of these challenges it is necessary to collect security-specific information about the application architecture, but in most cases existing application architecture documentation is not suitable for AppSec engineers. The goal of this research was to provide a concrete proposal for an approach to collecting microservice-based architecture information for securing the application. The research results were contributed to the OWASP community; please see the “Microservices based Security Arch Doc” cheat sheet in the OWASP Cheat Sheet Series.
