author Jake Morrison

In traditional applications, the web application talks directly to the database. It has rights to do anything, relying on application rules to control access. If an attacker compromises it, then they can do anything, e.g. grab all the data or create a funds transfer transaction.

When security is critical …