Application Security

Our application layer implements robust authentication, authorization, and continuous security scanning to protect against modern threats.

Authentication

  • AWS Cognito for identity management
  • Federated Single Sign-On (SSO) via SAML 2.0 and OpenID Connect (OIDC)
  • Client identity provider integration for seamless enterprise authentication
  • Multi-factor authentication (MFA) support

Authorization

  • Role-based access control (RBAC) with principle of least privilege
  • Fine-grained permission model for data access
  • Session management with automatic timeout policies

API Security

  • HTTPS-only communication — all HTTP requests redirected to HTTPS
  • TLS termination at ALB with TLS 1.2+ enforcement
  • Input validation and sanitization on all API endpoints
  • Rate limiting and request throttling

Frontend Security

  • Content Security Policy (CSP) headers via CloudFront response headers
  • XSS protection headers enabled
  • Strict-Transport-Security (HSTS) headers
  • Subresource Integrity (SRI) for third-party resources

Continuous Security Scanning — Aikido Security

  • Static Application Security Testing (SAST) across all repositories
  • Container image vulnerability scanning
  • Cloud Security Posture Management (CSPM) for infrastructure misconfigurations
  • Software Composition Analysis (SCA) for dependency vulnerabilities
  • Continuous monitoring with automated alerting and remediation tracking

Secure Development Lifecycle (SDLC)

  • All code changes require peer review and approval before merging
  • Branch protection rules enforced on all production branches
  • Automated CI/CD pipeline with security checks (SAST, SCA, container scanning) on every build
  • No direct access to production environments — all changes deployed through the CI/CD pipeline
  • Separate development, staging, and production environments with strict promotion controls

Secrets Management

  • AWS Secrets Manager used for all application secrets, API keys, and credentials
  • No plaintext credentials in source code, configuration files, or environment variables
  • Automated secret rotation policies to limit exposure from compromised credentials
  • Access to secrets restricted by IAM policies following the principle of least privilege