From the course: Developing Secure Software (2015)
Unlock the full course today
Join today to access over 22,600 courses taught by industry experts or purchase this course individually.
Detailed design-level threats
From the course: Developing Secure Software (2015)
Detailed design-level threats
- It is often the case that organizations solely focus on secure coding to improve software security. However, secure design is more fundamental and could have an even bigger impact on software security. Software developers often face recurring security problems. For example, improper input validations make software vulnerable to attacks such SQL injection attempts. There are usually well-known solutions to these recurring security problems an individual developer can quickly adopt. These well-known solutions are referred to as design patterns for security. At this point, developers have three choices. The first is not doing anything about the vulnerability, which is the worst. The second one is ignoring the existing best practices in the form of design patterns and develop your own, which could be sub-optimal. The last one is using the design patterns. Remember that design patterns provide a local solution and can only partially address the security problems at hand for that…