Public Cloud (AWS)
E-Commerce Platform
A multi-tier web application handling user authentication, product catalog, shopping cart, and payment processing. This threat model demonstrates common vulnerabilities in cloud-hosted e-commerce systems.
System Architecture
The diagram shows security zones from untrusted (Internet) to highly-trusted (Data Tier).
Internet: Untrusted
DMZ: Semi-trusted
Web Tier: Semi-trusted
App Tier: Trusted
Data Tier: Highly Trusted
Key Security Principle: Defense in Depth
Notice how traffic must pass through multiple security zones before reaching sensitive data. Each zone adds a layer of protection: WAF filters attacks, Load Balancer distributes traffic, and API Gateway authenticates requests. This means an attacker must bypass multiple controls to reach the data tier.
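
A defense-in-depth check over the zones listed above, as an added example that is not part of the original page: it flags any allow rule that lets traffic jump inward past a zone and counts the fewest hops between Internet and Data Tier. The rule sets and function names are constructed for illustration and assume rules are expressed as zone-to-zone pairs.

```python
from collections import deque

# Zones in the order the page's diagram lists them, least to most trusted.
ZONES = ["Internet", "DMZ", "Web Tier", "App Tier", "Data Tier"]
RANK = {zone: i for i, zone in enumerate(ZONES)}


def zone_skipping_flows(flows):
    """Return allow rules that move inward past at least one zone."""
    return [(src, dst) for src, dst in flows if RANK[dst] - RANK[src] > 1]


def min_hops(flows, src="Internet", dst="Data Tier"):
    """Fewest allowed flows between src and dst (BFS); None if unreachable."""
    adjacency = {}
    for s, d in flows:
        adjacency.setdefault(s, []).append(d)
    seen, queue = {src}, deque([(src, 0)])
    while queue:
        zone, dist = queue.popleft()
        if zone == dst:
            return dist
        for nxt in adjacency.get(zone, []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, dist + 1))
    return None


# Constructed rule set: each zone may only talk to the next one inward.
LAYERED = [("Internet", "DMZ"), ("DMZ", "Web Tier"),
           ("Web Tier", "App Tier"), ("App Tier", "Data Tier")]
# Same rules plus one hypothetical drift: web servers reach the database directly.
DRIFTED = LAYERED + [("Web Tier", "Data Tier")]


def audit(flows):
    """Summarise how many layers still stand between Internet and Data Tier."""
    return {"violations": zone_skipping_flows(flows), "min_hops": min_hops(flows)}


if __name__ == "__main__":
    for name, flows in (("layered", LAYERED), ("drifted", DRIFTED)):
        print(name, audit(flows))
```

A drop in `min_hops` between two reviews of the same rule set means a layer of control has been bypassed by configuration, even if every individual rule looked reasonable when it was added.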