Crafting a Vulnerability Mitigation Policy for SaaS-oriented Web Application

When deadlines loom, you sacrifice security features in order to move the application more quickly into production. This reaction often results in a substandard application. A more proactive solution is to establish a Software as a Service (SaaS)-oriented web application vulnerability mitigation policy that anticipates application trouble spots and contains several pre-configured solutions to repair them.

Crafting any security policy requires planning ahead to settle how the purpose, scope, and background of the policy should be stated. Since data stands more of a chance of being exposed in a cloud environment, building a cogent web application security policy is a given. Developers should communicate with both the cloud service consumer and the provider about how much control the consumer should have, what actions the provider should take, and what the constraints on the policy are. Most important of all, the consumer should get a copy of the security policy (as well as copies of the threshold policies) from the provider, so that it can be reviewed and any questions resolved before negotiating with the provider.
