Published: 03 October 2019
Summary
Effective application protection must be tailored to the underlying application architecture, using a mix of controls at the edge, in the inner architecture and on the client side. Security and risk management technical professionals should use this research when forming their application protection strategies.
Included in Full Research
- Decision Flow 1: Where Is the Application Hosted?
- Decision Flow 2: What Protocols Are in Use?
- Decision Flow 3: What Is the Application Type?
- Decision Flow 4: What Is the Type of Compute?
- Decision Flow 5: What Are the Expected Attack Patterns?
- Principles
- Protect Applications Wherever They Are Hosted
- Select Protection Based on Application Architecture and Technology Stack
- Prefer Edge-Delivered Protection for Portability and Scalability
- Prefer Combined Protection for Increased Effectiveness and Operational Simplicity
- Augment With Client-Side Protections for Client-Side Componentry
- Supplement With Inner-Architecture Protections for Microservices Architecture
- Requirements and Constraints
- Integrating With Existing Application Infrastructure
- API Integrated as an Alternative to Reverse Proxy Implementation
- Protection Deployed as Containerized Workloads
- Protection Integrated Within MSA and Service Mesh Elements
- Protection for Fully Ephemeral or Serverless Technologies
- API Abuse and Bot Mitigation in Public Sites
- Protection Platform Approach in General Architecture
- Protection Platform Approach in PaaS and CaaS Environments
- Mixed Protection Platform Approach With RASP in PaaS and CaaS Environments
- Flexible Deployment Options From Protection Platforms
- Custom Security With Edge Computing and Programming
- Mitigating JavaScript Client-Side Attacks