Application Security Checklist Points for IaaS, PaaS, SaaS

Trusted virtual machine images Consideration
Compliance to standards | Multi-factor Authentication
Application Security Scanning | Encryption of logs | Endpoint Security Measures; Antivirus & IPS
Host-based Intrusion Detection/Prevention | Proper key and log management | Login History & Reports from SaaS vendors
Mechanism to block and filter information traffic based on IP and ports | User Authentication | Security Policy for Data in Transit
Key management | Account Management | Security Policy for Data at Rest
Data is secured in transmission using SSL (HTTPS) or mutual SSL. | Application Vulnerability scanning | Security Policy for Data in Use
Log & Event management | Endpoint Security Measures; Antivirus & IPS | Data is secured in transmission using SSL (HTTPS) or mutual SSL.
Evaluation of Threat/Security/Trust Model | Application layer logging frameworks | Application layer logging frameworks
Certification – SAS 70 II, ISO 2700X | Data is secured in transmission using SSL (HTTPS) or mutual SSL. | Compliance to standards
Application firewall | Platform independence
At the back-end, data is protected with database encryption and role-based access control.
