This document discusses building applications securely on AWS. It outlines the shared responsibility model between AWS and customers, with AWS responsible for security of the cloud infrastructure and customers responsible for their applications and data. It describes the Shellshock vulnerability timeline and impact. It provides recommendations for reviewing VPC configuration, network access controls, and security groups. It also recommends automating deployment from known good AMIs, applying intrusion prevention, and using integrity monitoring to maintain the known good state.