Third layer – application layer
Even when the firewall is properly managed and hosts run state-of-the-art host-based intrusion detection systems, an attacker with a specially crafted exploit can generally bypass all of these security mechanisms if an application has a vulnerability.
One reason the application layer is considered so important is that users interact directly with the applications, and ports 80 and 443 are generally left open so that any user can connect to the website or web application running on the servers.
The tools and techniques used in this layer include web application firewalls, secure coding practices, static code analysis, and so on.