Applications & Cloud Layers
Applications
- Risks: Code injection, insecure libraries/dependencies, authentication flaws.
- Controls: Secure SDLC, dependency scanning, input validation, runtime application self-protection (RASP).
Cloud / Connectivity
- Risks: API abuse, misconfigured access, data exfiltration.
- Controls:
- IAM (Identity & Access Management).
- Strong encryption (in transit & at rest).
- API gateways.
- Shared responsibility model with providers.
