Application Security
Our application layer implements robust authentication, authorization, and continuous security scanning to protect against modern threats.
Authentication
- AWS Cognito for identity management
- Federated Single Sign-On (SSO) via SAML 2.0 and OpenID Connect (OIDC)
- Client identity provider integration for seamless enterprise authentication
- Multi-factor authentication (MFA) support
Authorization
- Role-based access control (RBAC) with principle of least privilege
- Fine-grained permission model for data access
- Session management with automatic timeout policies
API Security
- HTTPS-only communication — all HTTP requests redirected to HTTPS
- TLS termination at ALB with TLS 1.2+ enforcement
- Input validation and sanitization on all API endpoints
- Rate limiting and request throttling
Frontend Security
- Content Security Policy (CSP) headers via CloudFront response headers
- XSS protection headers enabled
- Strict-Transport-Security (HSTS) headers
- Subresource Integrity (SRI) for third-party resources
Continuous Security Scanning — Aikido Security
- Static Application Security Testing (SAST) across all repositories
- Container image vulnerability scanning
- Cloud Security Posture Management (CSPM) for infrastructure misconfigurations
- Software Composition Analysis (SCA) for dependency vulnerabilities
- Continuous monitoring with automated alerting and remediation tracking
Secure Development Lifecycle (SDLC)
- All code changes require peer review and approval before merging
- Branch protection rules enforced on all production branches
- Automated CI/CD pipeline with security checks (SAST, SCA, container scanning) on every build
- No direct access to production environments — all changes deployed through the CI/CD pipeline
- Separate development, staging, and production environments with strict promotion controls
Secrets Management
- AWS Secrets Manager used for all application secrets, API keys, and credentials
- No plaintext credentials in source code, configuration files, or environment variables
- Automated secret rotation policies to limit exposure from compromised credentials
- Access to secrets restricted by IAM policies following the principle of least privilege