From the course: Developing Secure Software (2015)

Introduction to secure design

From the course: Developing Secure Software (2015)

Start my 1-month free trial

Introduction to secure design

- Design is an essential element of software engineering. Implementing without a solid design is like jumping out of an airplane without a parachute. Coding is expensive. Once you start writing the code and discover a major mistake, midstream or towards the end, it is most likely that you will have to start over. To avoid this very expensive trial and error process, good software engineering mandates design, which allow software developers to try various coding possibilities without actually writing the code. There are a number of design techniques widely used in the software engineering industry including modeling languages dedicated to the design process such as Unified Modeling Language or UML. In solving software security problems, the design process and its artifacts are even more important, since they capture the security design decisions. The absence of design documents most probably implies that nobody thought about how to secure their software. Even if informal, undocumented design decisions do exist, they are not too much help because the security design decisions cannot be tracked effectively and therefore, their enforcement will be almost impossible. This is why formal security design process and its documentation is so critical.

Contents