
[Figure: Application Architecture - Security Layout. Labelled blocks: Secure Access Layer (Authentication (SSO/SAML), Authorization (IDAM), Integrity (Encrypt), Confidentiality (RBAC), Auditing, Non Repudiation (Audit Log); SAML/Single Sign On/OIDC, LDAP, Identity & Access Manager | APM, Token Validator, Credential, Consent, Signature Verification, MFA, Sessions, SAP - Single Access Point); Application Modules, Services & APIs, Authentication Services, Enterprise Integrator; Data APIs, Data Adapters, Databases | Data Sources (JDBC/ODBC/REST); Network Architecture: Zero Trust Framework (IP Based Request Validators / Privilege List); Network Security and IS Security: servers (App | DB | Others; Web | Proxy | etc.), Firewall, IPS, Anti DDoS, WAF, APT, SIEM; traffic inspection based on signatures, protocol anomaly, behaviour anomaly, reputation.]



Benefits of creating an architecture model are:


- Providing guidelines for secure design and development
- Defining a structure to provide secure layering functionality (reusability)
- Defining a roadmap towards a security goal

The architecture is expected to take care of:

I. Application Level Security:


In addition to the application security indicated in the architecture diagram, an application assessment or application architecture review is also very
important to ensure the security of the overall system. The application assessment or review comprises:
1. Static Code Analysis, a white-box testing technique that allows security testers to validate the code for any malicious code snippets, etc.
2. Dynamic Code Analysis, a black-box testing technique performed in the run-time application environment
3. Architecture Review of Controls (such as Authentication, Authorization, Input validation, Output encoding, Error handling, Audit logging,
Encryption, Configuration management)
4. Threat modelling for optimizing application/network security by identifying objectives and vulnerabilities, and then defining countermeasures to
prevent, or mitigate the effects of, threats to the system
5. Vulnerability Assessment
6. Penetration Testing

II. IS (Infrastructure) Level Security


The design and architecture of the infrastructure shall define the type of security approach required for the system. However, the following systems need to be
in place for all or most of the systems built to run for an enterprise:
1. Firewalls
2. Web Application Firewalls
3. End Point Security
4. Intrusion Prevention System
5. Anti-Persistent threat
6. Patch Management
7. Anti Virus
8. Anti-DDoS
9. SIEM
The IS security is planned based on the type of system, enterprise, deployment, criticality, etc. For example, any banking application needs to have an
extra layer of security, such as adding a Virtual Private Network (VPN), Anti-Phishing, Multi-factor authentication, etc.
The IS security needs to be extended to network security as well.
