A good starting point for building secure application architecture:

  1. Separate your storage: Don’t mix core application files & assets with other data. Keep user-uploaded files and activity logs separate from the main app.
  2. Customized configuration: review the configurable features of all architecture components. Look for unattended areas such as:
  • Default accounts, especially with default passwords, left in service
  • Unnecessary ports left in service, or ports left open to the Internet
  • Unrestricted permitted HTTP methods
  • Default configured permissions in managed services

3. Controlled access and user scope: focus on access control configurations in the early stages of development. Consider factors such as sensitive tokens, or keys passed as URL parameters, or whether a control fails securely or insecurely.

Full post here, 7 mins read