Basic Protection Workflow
Protecting an application involves several key steps to ensure your code and data are secure. This topic introduces the basic workflow, from identifying what needs protection to validating the final product.
Typically, this process is automated and integrated into your DevSecOps lifecycle.
Step 1: Identify Protection Needs
- Determine what threats are most likely and identify the parts of your code or data that need protection.
- Select the appropriate guards for your target platform and learn how to configure them.
- Additionally, learn how to layer and vary protection for the guards and platform you have chosen.
- For more information, see Common Security Threats and App Security Best Practices.
Step 2: Obtain Cryptographic Library
- If you plan on protecting keys or data, obtain the appropriate cryptographic library. For more information, see Implement White-Box Cryptography.
Step 3: Create a Protection Blueprint
- Create a protection blueprint that describes your protection scheme. Alternatively, use the auto-configured protection blueprint offered by many of our products.
Step 4: Build the Protected Application
- Using the code you want to protect, the protection blueprint, and optionally the Digital.ai Key & Data Protection library as inputs, build the protected application.
Step 5: Validate Protection
- Finally, validate that protection works as intended and that size and performance benchmarks are met.