Most security vulnerabilities exist at the application layer, not the network layer. Microsoft IT’s ACE team has developed best practices for securing applications and shares the process, lifecycle, and approach they take in reviewing applications for security compliance.