Hyperguarding your Web Applications

  • About

    Hyperguarding your Web Applications is maintained by affiliates of art of defence as a forum for discussing news and issues in Web Application Security, dWAF technology, PCI compliance and data protection.

Posts Tagged ‘authentication’

Top Security Perils When Moving an Application to the Cloud: User Management and Authentication

Posted by hyperguard on December 30, 2009

Continuing with our series, we’ve identified user management and authentication as our first security peril.

Internally, the application had only trusted users. Often, internal authentication services, such as LDAP and Microsoft Active Directory, are based on protected internal databases and are used for secure user access and logging of user traffic.

The challenge depends on the starting point. If there has not yet been any user management, solid and secure user management has to be developed and used on the cloud. However, if the application continues using the current authentication services, the challenge is whether the users’ credentials should be replicated and made available on the cloud, and if so, how this can be done in a secure way. Or should the user access management on the cloud query the internal authentication databases in a secure way (i.e. through a VPN tunnel)? In that case, the users’ credential database does not leave the secure enterprise infrastructure, but the communication with it has to be secure.

Stay tuned for more security perils…

Follow the discussion on Twitter @hyperguard.
