Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
Over the net I encountered following phrase:
Software security isn’t a layer on
top of your application, it is
incorporated in your application from the very beginning.
But how do you design a system with security in mind?
As the first thing, and starting point of all security considerations, you need to define a threat model: what are the things that you want to happen, what are the things you want to prevent from happening, what are the things that you don’t care if they happen?
Then, for each threat, explain how your system prevents that threat. What makes the expertise of security experts is primarily an intuition of what threats occur typically in systems. You learn that by reading literature – it’s often the same threats that challenge many systems.