Chapter 6 DXP Security

• Application server layer security: The main security vulnerabilities at this layer are injection attacks and insecure encryption methods. The security best practices to mitigate the threats at this layer are robust input validation; enforcing the right access to resources; proper error handling; robust encryption methods; and robust auditing, monitoring, and logging.

• Database server layer security: The main security vulnerabilities at this layer are weak passwords and elevation of privilege. To address these, we need to enforce least-privilege access for the application database user and establish robust data backup and recovery processes.

• Services server layer security: At this layer the main security concerns are information disclosure and the absence of encryption measures. To address these, we need to enforce message-level security, such as encrypting messages, adding security tokens (encrypted information consisting of details such as the logged-in user role, a timestamp, and so on) to the messages, and using a secure transport layer for message communication.

In addition to these layer-wise security measures, we should also include the following in security best practices:

• Robust security planning: We need to carry out a detailed security requirement assessment of the DXP application and perform threat profiling. Threat profiling helps us identify the security scenarios, and we can develop test cases based on them.

• Static and runtime security testing: Static security testing includes automated security testing and secure code review; runtime security testing includes penetration testing.

• Continuous security testing: Security testing should be carried out iteratively throughout the project lifecycle. A real-time security monitoring infrastructure should be set up to continuously monitor security incidents.
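The services-layer measure above (a security token carrying the user role and a timestamp, attached to each message) can be sketched as follows. This is an added example, not code from the book: the key, claim names and 300-second freshness window are assumptions, and it uses an HMAC for integrity and authenticity rather than encryption, so confidentiality is left to the secure transport layer.

```python
import base64
import hashlib
import hmac
import json
import time

SHARED_KEY = b"constructed-demo-key"  # assumption: key pre-shared between the two services
MAX_AGE_SECONDS = 300                 # assumption: accepted token age / clock skew

def _b64(data):
    return base64.urlsafe_b64encode(data).decode()

def issue_token(role, body, key=SHARED_KEY, now=None):
    """Build a token with role and timestamp, bound to the message body by its digest."""
    claims = {
        "role": role,
        "ts": int(time.time() if now is None else now),
        "body_sha256": hashlib.sha256(body).hexdigest(),
    }
    payload = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(tag)

def verify_token(token, body, key=SHARED_KEY, now=None):
    """Return the claims if the token is authentic, fresh and matches body; else raise ValueError."""
    try:
        payload_b64, tag_b64 = token.split(".")
        payload = base64.urlsafe_b64decode(payload_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except ValueError:
        raise ValueError("malformed token") from None
    # Check the MAC before parsing anything the sender controls.
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("bad signature")
    claims = json.loads(payload)
    current = time.time() if now is None else now
    # A stale timestamp means a replayed or delayed message.
    if abs(current - claims["ts"]) > MAX_AGE_SECONDS:
        raise ValueError("stale token")
    # The body digest stops a valid token being reattached to another message.
    actual = hashlib.sha256(body).hexdigest()
    if not hmac.compare_digest(actual, claims["body_sha256"]):
        raise ValueError("body mismatch")
    return claims
```

Rejections raised by `verify_token` are the kind of event the auditing and monitoring practices listed above should record.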

Building Digital Experience Platforms - Page 201