
The company I work for is about to publish a custom web app (hosted in AWS) that authenticates through AzureAD. That way, when someone goes to https://www.mywebap.com, they are redirected to AzureAD and, if successfully authenticated, access is granted.

What are the security risks here? Is this a recommended practice? As mywebapp will be public it can be theoretically attacked.

schroeder
  • It's not that it can theoretically be attacked. It's that it *will* be attacked. Even non-public services get attacked. Regardless, this is pretty broad. Can you be more specific about your concerns? Security risks vary wildly depending on what the application does, who accesses it, and what it stores. Or to put it another way, [what is your threat model?](https://security.stackexchange.com/questions/225012/what-is-a-threat-model-and-how-do-i-make-one) – Conor Mancone Jan 29 '20 at 23:39
  • Thanks @schroeder. I analyzed my scenario better and I will not be exposing mywebapp. – cimetheshine Feb 14 '20 at 18:22

0 Answers