Strong adherence to architecture best practices and proactive controls is the foundation of web application security. These techniques allow developers to build applications that are more resilient. Specifically, a defense-in-depth strategy helps developers further reinforce an application, hot-patch its zero-day vulnerabilities, and protect its availability. In this session, learn about common security issues, including those described in the OWASP Top 10. Also learn how to build a layered defense using multi-layered perimeter security and development best practices. This session proposes a reference architecture that includes Amazon CloudFront, AWS WAF, and Application Load Balancer.