The network restrictions surrounding the web authentication service is one layer of defense. As was noted, this component is too valuable to trust to a single defense. Furthermore, authentication requests are tendered by the least-trusted component in the architecture. That component, HTTP termination, resides on the least-trusted network. What additional steps can be taken?

Part2: 500 words
Using below target architecture, who are the threat agents who will be most interested in attacking Web applications created through AppMaker?