Was not sure if i chose the right location for this post.. so apologies in advance if i have to recategorize this post.
I am trying to locate resources (standards, checklists etc.) which will help accessing the security posture of a Cloud Based Application. There is OWASP and other standard resources but what if the application is not a web based application hosted on a cloud provider but a Integration based application running as PaaS. There is no front end but a lot of data manipulation. In such a scenario are we just limited to looking for PII data that is being extracted, transformed and moved around. Do we have to look at any other aspect of "Secure Coding Practices" that are being violated. If any member can share their experience, would greatly appreciate it.