Application security involves many different elements:
User authentication. Validating the user’s identity using a user name and password, a certificate, or other credentials
User authorization. Determining whether a user is authorized to access a resource
Application process identity. The user account the application uses to access resources
Application privileges. The resources the application is allowed to access
Cryptography. Encrypting, validating, and signing data
This objective covers how to implement these security elements.
This objective discusses auditing only briefly. For detailed information, refer to Objective 5.3: Design a Diagnostics and Monitoring Strategy in Chapter 5 ...