Regarding application security, we will explore: 

• Securing the data between the endpoints while it is being transported to prevent a man-in-the-middle attack.
• Encrypting and storing the data at rest.
• Encrypting all the critical data, including passwords and keys used by the application. We have already covered this previously in the Using the AWS Key Management Service section.