Application Security layer should take into account for all the use case and abuse cases and how the system will be used, deployed and managed.
- Information Security Policies
- Physical Security
- Secure Networks and Systems
- Vulnerability Programs
- Strong Access Control Measures
- Protect and Backup Data
- Monitor and Test Your Systems
Layered security implies implementing multiple layer of defense mechanisms to secure a service. This approach is also referred to as the Defense in Depth.