2Ağu
Trust Boundary Definition and Example
I am very confused with Trust Boundary. How does this work?
Do I draw a trust boundary in between the application tier and the web tier because my servers in the web tier has a higher chances of getting hacked? Or should I draw it in between my end user PCs and my web server?
Does it also mean that communication going through this must be validated and encrypted? Can I just do one of them?
