You know the drill: XSS, SQLi, command execution. Application security is stuck in 2003. That’s not just rhetoric; the recommendations that the Open Web Application Security Project (OWASP) delivered as the OWASP Top Ten in 2003 have remained largely unchanged over the last 14 years. Along with that, the same defensive practices of input sanitization and parameterized queries are still largely used as the best remedy to application security woes.
While these are certainly good practices, they are incomplete in today’s application ecosystem: they focus solely on developer remediation and offer little to no insight into how operations teams should approach application security.
Modern application security happens in four key areas: Instrumenting Business Logic, Focusing on Authenticated Traffic, Monitoring Account Actions, and Completing the Loop from Ops to Dev to Security.
To learn more about best security practices for modern Ops teams, download this whitepaper!