Discover the level of security involved in the design phase in the SDLC.
- As we begin talking about culture changes around secure coding, I think it is only fitting to talk first about the point where most developers begin their engagement, and that is the design. Design is a great place to start looking at ways to make your application more secure for various reasons, but I want to focus on some strategies for how to take security into account during design. I like to start all of my design activities by looking at the system design.
Whether it's a complete system in waterfall or a simple feature in Scrum, the system itself is key. By looking at what you are building, you can start looking at ways to destroy it, and that is, in my opinion, one of the greatest assets for a secure developer. I feel very strongly that developers struggle with security because they are trying to build, not tear down. Good security people learn how to tear down systems.
They learn how to exploit features to attack the system. This is what you should aim for in design. Look at your system or even your feature with a critical eye.
Author: Frank P Moley III
- Understanding attackers and risks
- Documenting your risks
- Issues related to web client–server interactions
- Issues related to thick app and client–server interactions
- Authorization and cryptography issues
- Implementing security in each phase of the software development life cycle
Skill Level: Beginner
What you need to know (1m 35s)
1. Security and Risk Overview
2. Web Client Server Interaction Code Issues
3. Thick App and Client-Server Interaction Issues
4. Crypto and Security Misuse Issues
5. Security in the SDLC
Next steps (2m 10s)