
SaaS Security

Potential Risks and Threats

  • Access risk

    • SaaS apps are always on and reachable from the internet, so anyone can reach them

    • Credential stuffing & password spraying are common attacks

  • Misconfiguration risk

    • Too many administrators

    • Lack of visibility into SaaS security settings and changes

  • Shadow SaaS

    • An application deployed in the same cloud account as the main SaaS application

    • The service was deployed without security approval
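The access-risk bullets above name credential stuffing and password spraying as the common attacks against always-on SaaS logins. Both leave the same footprint in an authentication log: one source address producing failed logins against many distinct accounts in a short window, sometimes followed by a success when a leaked password happens to be valid. The script below is an added example, not part of the original notes or of the LinkedIn Learning course; the log line format, the sample lines, the ten-minute window and the five-account threshold are all constructed assumptions, and a real SaaS audit log would need its own parser.

```python
"""Flag spraying/stuffing patterns in a SaaS authentication log.

Added example (not from the original notes). The log format below is an
assumption: "<ISO timestamp> <OK|FAIL> user=<name> ip=<source>".
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: one source hits six accounts in seconds, then logs
# in successfully; a second source hammers a single account (not covered by
# these rules); two ordinary events at the end are benign.
SAMPLE_LOG = """\
2024-01-10T09:00:01 FAIL user=alice ip=203.0.113.5
2024-01-10T09:00:02 FAIL user=bob ip=203.0.113.5
2024-01-10T09:00:03 FAIL user=carol ip=203.0.113.5
2024-01-10T09:00:04 FAIL user=dave ip=203.0.113.5
2024-01-10T09:00:05 FAIL user=erin ip=203.0.113.5
2024-01-10T09:00:06 FAIL user=frank ip=203.0.113.5
2024-01-10T09:00:07 OK   user=grace ip=203.0.113.5
2024-01-10T09:05:00 FAIL user=alice ip=198.51.100.7
2024-01-10T09:05:01 FAIL user=alice ip=198.51.100.7
2024-01-10T09:05:02 FAIL user=alice ip=198.51.100.7
2024-01-10T09:20:00 OK   user=alice ip=192.0.2.10
2024-01-10T09:21:00 FAIL user=bob ip=192.0.2.11
"""

LINE_RE = re.compile(r"^(\S+)\s+(OK|FAIL)\s+user=(\S+)\s+ip=(\S+)$")


def parse(log_text):
    """Return a list of (timestamp, success, user, ip) tuples; skip bad lines."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, result, user, ip = m.groups()
        events.append((datetime.fromisoformat(ts), result == "OK", user, ip))
    return events


def detect(events, window=timedelta(minutes=10), min_users=5):
    """Return findings as dicts.

    Rule 1 (many_accounts_one_source): a source IP with failed logins against
    at least `min_users` distinct accounts inside `window` (spray/stuffing).
    Rule 2 (success_after_spray): a successful login from that same source
    while rule 1 still holds, i.e. a likely credential-stuffing hit.
    """
    by_ip = defaultdict(list)
    for ev in sorted(events):
        by_ip[ev[3]].append(ev)

    findings = []
    for ip, evs in by_ip.items():
        already_flagged = False
        for i, (ts, ok, user, _) in enumerate(evs):
            # Distinct accounts that failed from this IP within the window.
            recent_failed = {u for t, o, u, _ in evs[: i + 1]
                             if not o and ts - t <= window}
            if len(recent_failed) < min_users:
                continue
            if not already_flagged:
                findings.append({"rule": "many_accounts_one_source", "ip": ip,
                                 "users": len(recent_failed), "at": ts})
                already_flagged = True
            if ok:
                findings.append({"rule": "success_after_spray", "ip": ip,
                                 "user": user, "at": ts})
    return findings


if __name__ == "__main__":
    for f in detect(parse(SAMPLE_LOG)):
        print(f)
```

The second rule is the one worth paging on: a success from a source that has just failed against many accounts is strong evidence that a stuffed credential worked, and the account named in the finding is the one to lock and re-verify. The single-account hammering from 198.51.100.7 is deliberately not matched, since these two rules only look for the many-accounts pattern the notes describe.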

Evaluation of SaaS Security (SANDPIT)

  • S - Scalability and Resiliency

    • Provider's ability to scale and recover from failure

  • A - Access Control

    • Who has access to the app?

    • Authentication and Authorization

  • N - Network and Boundary Controls

    • North-South traffic

      • ingress and egress controls

      • control traffic in and out of the network

    • East-West traffic

      • segmentation

      • Understanding how data is isolated or commingled

  • D - Data Protection

    • Encryption

    • Managed certificates and keys

    • Use unique keys for each instance

  • P - Privacy

    • The infrastructure should be compliant with the laws that are important for your business

  • I - Incident Response

    • When something happens, the monitoring tools should detect it and show customers when and what happened

  • T - Third-Party Attestation

    • Annual assessment and report of cloud service provider

    • Conducted by an external auditor (e.g. SOC2)
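The Data Protection item "use unique keys for each instance" is usually implemented by deriving a separate data-encryption key per tenant or instance from one managed root key, so that a key leaked or rotated for one instance says nothing about the others. The block below is an added example, not code from the original notes or from the course; it implements HKDF (RFC 5869 with HMAC-SHA256) on the Python standard library and feeds the instance id and a key version into the HKDF `info` field. The root key, instance ids and the `"saas-dek"` purpose label are constructed values; the `rfc5869_selftest` function checks the implementation against the RFC's first published test vector.

```python
"""Derive a unique data-encryption key per SaaS instance with HKDF.

Added example (not from the original notes). HKDF per RFC 5869 on HMAC-SHA256;
the root key, instance ids and purpose label below are constructed.
"""
import hashlib
import hmac
import secrets

HASH_LEN = hashlib.sha256().digest_size  # 32 bytes


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 step 1: PRK = HMAC-Hash(salt, IKM); empty salt = HashLen zeros."""
    if not salt:
        salt = bytes(HASH_LEN)
    return hmac.new(salt, ikm, hashlib.sha256).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 step 2: OKM = T(1) || T(2) || ... truncated to `length` bytes."""
    if length > 255 * HASH_LEN:
        raise ValueError("requested key length exceeds HKDF limit")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def instance_key(root_key: bytes, instance_id: str,
                 key_version: int = 1, length: int = 32) -> bytes:
    """Per-instance key = HKDF(root_key, info = purpose | instance_id | version).

    The instance id keeps keys distinct per tenant; the version field lets one
    tenant's key be rotated without touching any other tenant's key.
    """
    info = b"saas-dek|" + instance_id.encode() + b"|v" + str(key_version).encode()
    prk = hkdf_extract(salt=b"", ikm=root_key)
    return hkdf_expand(prk, info, length)


def rfc5869_selftest() -> bool:
    """Check the implementation against RFC 5869 Appendix A test case 1."""
    ikm = bytes.fromhex("0b" * 22)
    salt = bytes.fromhex("000102030405060708090a0b0c")
    info = bytes.fromhex("f0f1f2f3f4f5f6f7f8f9")
    expected = bytes.fromhex(
        "3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf"
        "34007208d5b887185865")
    return hkdf_expand(hkdf_extract(salt, ikm), info, 42) == expected


# Constructed root key for the demo; in production this comes from the KMS.
DEMO_ROOT_KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)

if __name__ == "__main__":
    assert rfc5869_selftest()
    fresh_root = secrets.token_bytes(32)  # how a real root key would be generated
    for tenant in ("tenant-a", "tenant-b"):
        print(tenant, instance_key(fresh_root, tenant).hex())
```

Because derivation is deterministic, the provider stores only the root key (in its KMS) plus each instance's id and key version, and can recompute any instance key on demand; rotating one tenant means bumping its version, re-encrypting its data, and leaving every other tenant's key untouched.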

Links

  • LinkedIn Learning - Securing SaaS

Last updated 1 year ago