2. Why Is Security of Application State Important?
Application state is important
The integrity of the application state is important
3. Why Is Security of Application State Important?
[Diagram: App, Amazon RDS, App State]
4. HOW TO THINK ABOUT SECURING YOUR APPLICATION STATE
5. Modeling Data Security
Data Classification
• Highly Protected
• Publicly Accessible
Security Controls
Preventative
• Upfront security controls
• Principle of “Defence in depth”
Detective
• After-the-fact compliance and audit checks
• Principle of “Freedom within guardrails”
9. Authentication & Authorisation
Principle of Least Privilege
PRO TIP: Separate “Management flow” operations like CreateDatabase from “Application flow” operations like database queries to reduce “blast radius” in the event of application compromise
Use of IAM
Secure credentials management
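An added example, not from the original slides: a static check that an application-flow IAM policy grants no management-flow RDS actions, as the pro tip on least privilege recommends. The policy documents, account ID, resource ID and the `management_grants` helper are constructed for illustration, and `MANAGEMENT_ACTIONS` is an illustrative subset of the RDS control-plane actions.

```python
from fnmatch import fnmatchcase

# "Management flow" (control-plane) RDS actions an application role should not hold.
# Illustrative subset, not an exhaustive list.
MANAGEMENT_ACTIONS = ["rds:CreateDBInstance", "rds:DeleteDBInstance",
                      "rds:ModifyDBInstance", "rds:RestoreDBInstanceFromDBSnapshot"]

# Constructed sample policies (account ID, resource ID and user name are placeholders).
APP_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "rds-db:connect",
    "Resource": "arn:aws:rds-db:us-east-1:123456789012:dbuser:db-EXAMPLEID/app_user"}]}
OVERBROAD_POLICY = {"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Action": "rds:*", "Resource": "*"}}
MIXED_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["rds-db:connect", "RDS:Create*"], "Resource": "*"},
    {"Effect": "Deny", "Action": "rds:Delete*", "Resource": "*"}]}

def _as_list(value):
    """IAM allows a single string or a list for Action/NotAction/Statement."""
    if value is None:
        return []
    return [value] if isinstance(value, (str, dict)) else list(value)

def _matches(action, patterns):
    # IAM action names are case-insensitive and support * and ? wildcards.
    return any(fnmatchcase(action.lower(), p.lower()) for p in patterns)

def management_grants(policy):
    """Return the management actions that the policy's Allow statements grant.

    Conservative static check: Deny statements, conditions and resource scoping
    are ignored, so any Allow that could reach a management action is reported.
    """
    granted = set()
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:
            # Allow + NotAction grants everything except the listed patterns.
            excluded = _as_list(stmt["NotAction"])
            granted.update(a for a in MANAGEMENT_ACTIONS if not _matches(a, excluded))
        else:
            granted.update(a for a in MANAGEMENT_ACTIONS
                           if _matches(a, _as_list(stmt.get("Action"))))
    return sorted(granted)
```

An empty result for the application role's policy means a compromised application can connect and query but cannot create, modify or delete database instances; a non-empty result lists the management actions to remove.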