From the course: Developing Secure Software (2015)
Introduction to secure design
From the course: Developing Secure Software (2015)
Introduction to secure design
- Design is an essential element of software engineering. Implementing without a solid design is like jumping out of an airplane without a parachute. Coding is expensive. Once you start writing the code and discover a major mistake, midstream or towards the end, it is most likely that you will have to start over. To avoid this very expensive trial and error process, good software engineering mandates design, which allow software developers to try various coding possibilities without actually writing the code. There are a number of design techniques widely used in the software engineering industry including modeling languages dedicated to the design process such as Unified Modeling Language or UML. In solving software security problems, the design process and its artifacts are even more important, since they capture the security design decisions. The absence of design documents most probably implies that nobody thought about how to secure their software. Even if informal, undocumented design decisions do exist, they are not too much help because the security design decisions cannot be tracked effectively and therefore, their enforcement will be almost impossible. This is why formal security design process and its documentation is so critical.
Contents
-
-
-
-
-
Introduction to secure design1m 31s
-
(Locked)
Security tactics1m 21s
-
(Locked)
Security patterns1m 38s
-
(Locked)
Security vulnerabilities2m 1s
-
(Locked)
Architectural analysis for security2m
-
(Locked)
Case study: Setting the Stage33s
-
(Locked)
Case study: Tactic-Oriented Architectural Analysis1m 36s
-
(Locked)
Case study: Pattern-Oriented Architectural Analysis2m 33s
-
(Locked)
Case study: Vulnerability-Oriented Architectural Analysis1m 44s
-
(Locked)
Software security anti-patterns2m 7s
-
-
-
-
-