SEC407-R: A defense-in-depth approach to building web applications

Strong adherence to architecture best practices and proactive controls is the foundation of web application security. These techniques allow developers to build applications that are more resilient. Specifically, a defense-in-depth strategy helps developers further reinforce an application, hot-patch its zero-day vulnerabilities, and protect its availability. In this session, learn about common security issues, including those described in the OWASP Top 10. Also learn how to build a layered defense using multi-layered perimeter security and development best practices. This session proposes a reference architecture that includes Amazon CloudFront, AWS WAF, and Application Load Balancer.