The Role of Application Architecture Planning for Authentication, Authorization, and Controls

Application Architecture

A holistic view of the structure of the application: how the different components, database, APIs, and third-party libraries interact within the code, seen through the lens of maintainability, performance at scale, reusability, flexibility, cyber security, and data privacy.

Planning for Authentication, Authorization, and Controls

  1. Introduction & Objectives
  2. Scope of Work
  3. Methodology Review
    1. Threat Modeling: STRIDE, VAST, and other approaches
    2. Deployment and Infrastructure Considerations
      1. The design identifies, understands, and accommodates the company security policy.
      2. Restrictions imposed by infrastructure security (including available services, protocols, and firewall restrictions) are identified.
      3. The design addresses the required scalability and performance criteria.
      4. The design identifies the deployment infrastructure requirements and the deployment configuration of the application.
    3. Architecture and Design Considerations
      1. Input Validation
      2. Authentication
      3. Authorization
      4. Configuration Management
      5. Sensitive Data
      6. Session Management
      7. Cryptography
      8. Parameter Manipulation
      9. Exception Management
      10. Auditing and Logging

  4. Controls Review
    1. Operations Controls
    2. Management Controls
    3. Technical Controls