The next security peril we identified is input validation. Internally, the application had only trusted users who used it ‘as intended’, so there was no strong need to validate user input, i.e. in the application's form fields.
The challenge is that there is a variety of typical web application vulnerabilities that target weak input validation, including all classes of injection attacks, with SQL injection among the more common. If the application moves to the cloud, all of its input parameters need to be validated. This can be implemented either within the application itself or in front of it, in a web application firewall.
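The in-application option described above, as an added example (not code from the original post): an allowlist validator for form fields combined with a parameterized query, shown beside the unvalidated 'before' lookup. The customer-lookup form, its field names, and the table are hypothetical, and the sample data is constructed.

```python
import re
import sqlite3

# Allowlist schema for a hypothetical customer-lookup form: field -> pattern.
FIELD_RULES = {
    "customer_id": re.compile(r"[0-9]{1,10}"),
    "last_name": re.compile(r"[A-Za-z][A-Za-z' -]{0,63}"),
}

def validate_form(form):
    """Return a cleaned copy of the form, or raise ValueError on any violation."""
    unknown = set(form) - set(FIELD_RULES)
    if unknown:  # parameters the application never defined are rejected outright
        raise ValueError(f"unexpected fields: {sorted(unknown)}")
    cleaned = {}
    for name, pattern in FIELD_RULES.items():
        value = form.get(name)
        if not isinstance(value, str) or not pattern.fullmatch(value):
            raise ValueError(f"invalid value for {name}")
        cleaned[name] = value
    return cleaned

def make_db():
    # Constructed sample data, held in memory so the example runs offline.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (id INTEGER, last_name TEXT)")
    db.executemany("INSERT INTO customers VALUES (?, ?)",
                   [(1, "Adams"), (2, "O'Brien"), (3, "Baker")])
    return db

def lookup_unsafe(db, form):
    # 'Before': trusts the form field and concatenates it into the SQL text.
    sql = "SELECT id FROM customers WHERE last_name = '" + form["last_name"] + "'"
    return [row[0] for row in db.execute(sql)]

def lookup_safe(db, form):
    # 'After': validate every field, then bind the values as parameters.
    # Binding matters even after validation: a legitimate name such as
    # O'Brien contains a quote character that the allowlist must permit.
    f = validate_form(form)
    rows = db.execute("SELECT id FROM customers WHERE id = ? AND last_name = ?",
                      (int(f["customer_id"]), f["last_name"]))
    return [row[0] for row in rows]
```

A web application firewall in front of the application would apply comparable per-parameter rules to the HTTP request before it reaches this code.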