A good starting point for building secure application architecture:
1. Separate your storage: don’t mix core application files and assets with other data. Keep user-uploaded files and activity logs separate from the main app.
2. Customized configuration: review the configurable features of all architecture components. Look for unattended areas such as:
   - Default accounts, especially with default passwords, left in service
   - Unnecessary ports left in service, or ports left open to the Internet
   - Unrestricted permitted HTTP methods
   - Default configured permissions in managed services
3. Controlled access and user scope: focus on access control configurations in the early stages of development. Consider factors such as sensitive tokens or keys passed as URL parameters, and whether a control fails securely or insecurely.
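The two access-control points above (credentials in URL parameters, and a control that fails open versus closed) as an added Python example; this is illustrative code, not from the original post, and `make_lookup`, `Request` and the token values are constructed stand-ins for a real policy store and HTTP layer.

```python
from dataclasses import dataclass, field
from urllib.parse import urlsplit, parse_qs

# Constructed example: a tiny policy store that can be "down".
class PolicyUnavailable(Exception):
    """Raised when the role lookup backend cannot be reached."""

def make_lookup(table: dict, available: bool = True):
    """Return a token -> roles lookup; raises when the store is unavailable."""
    def lookup(token):
        if not available:
            raise PolicyUnavailable("policy store unreachable")
        return set(table.get(token, ()))
    return lookup

@dataclass
class Request:
    url: str
    headers: dict = field(default_factory=dict)

SENSITIVE_PARAMS = {"token", "api_key", "access_token", "session"}

def credentials_in_url(url: str) -> set:
    """Sensitive parameter names carried in the query string; such values end
    up in proxy/CDN logs, browser history and Referer headers."""
    query = parse_qs(urlsplit(url).query)
    return {k.lower() for k in query if k.lower() in SENSITIVE_PARAMS}

def bearer_token(req: Request):
    auth = req.headers.get("Authorization", "")
    return auth[7:] if auth.startswith("Bearer ") else None

def authorize_fail_open(req: Request, lookup, required: str) -> bool:
    """The insecure shape: falls back to a token in the URL, and when the
    policy store errors it lets the request through."""
    token = bearer_token(req) or parse_qs(urlsplit(req.url).query).get("token", [None])[0]
    try:
        roles = lookup(token)
    except PolicyUnavailable:
        return True  # fails insecurely: an outage becomes an open door
    return required in roles

def authorize_fail_closed(req: Request, lookup, required: str) -> bool:
    """The secure shape: credentials only from the header, and any failure
    on the decision path results in a deny."""
    if credentials_in_url(req.url):
        return False  # refuse rather than honour a token exposed in the URL
    token = bearer_token(req)
    if token is None:
        return False
    try:
        roles = lookup(token)
    except PolicyUnavailable:
        return False  # fails securely: deny when we cannot decide
    return required in roles
```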