How to Use the Security Architecture Cheat Sheet for Internet Applications

One of the cheat sheets I created offers tips for the design and review of a complex Internet application’s security architecture. It provides recommendations for considering the following security aspects of the application:

  • Business requirements: You need to understand the purpose of the application, including what it does and how it makes money, to offer security recommendations.
  • Infrastructure requirements: You need to understand network and operating system requirements of the application to create a comprehensive security design.
  • Application requirements: You need to pay attention to application-level aspects of the security architecture, including access requirements and data flows.
  • Security program requirements: You need to incorporate on-going procedural tasks into the security design to make sure the application’s security is maintained on an on-going basis.

I created this security architecture cheat sheet (among others) because it’s easy to overlook a critical aspect of the application and its ecosystem when designing its security under time pressure. Specifically, I had the following two use-cases in mind for the Security Architecture cheat sheet:

  • You can use it when examining an existing application as part of a security assessment
  • You can use it when initially designing an application before starting to implement it
  • You can use it as a reference for on-going maintenance of an existing application

Note that by “application” I mean a complex, multi-tier set of inter-dependent software and hardware components that process data and operate as part of the Internet’s ecosystem. In many cases, such applications are comprised of front-end web servers, application or middleware servers, databases, load balancers, firewalls, security monitoring systems and so on.

In addition to being available in an HTML format, the cheat sheet is also available as a printable two-page PDF file and as an editable Microsoft Word document.

Have you found the Security Architecture cheat sheet helpful? I’d love to hear how you use it and whether you have recommendations for improving it.

Lenny Zeltser

View full post on Lenny Zeltser on Information Security
