Any SaaS solution is a n-tier system, and as such, all the tiers should be protected, not only the application layer. If we put all our effort in the application and its code, we might miss important vulnerabilities in other parts of the attack surface.
- The value of a pentest
- Off the top of my head: Is availability really a cybersecurity pillar?
- Off the top of my head: About having everything green in Qualys
- Information security requirements on the US “Executive Order on Improving the Nation’s Cybersecurity”
- How to find OpenSSL in our infrastructure