Secure by Design – Security Design Principles for the Rest of Us
Security is a very important topic for system designers. As our world becomes digital, today’s safely-hidden back office system is tomorrow’s public API, open to anyone on the Internet with a hacking tool and time on their hands. So the days when he hoped that security is someone else’s problem are over.
The security community has developed a well-understood set of principles used to build secure (or at least securable) systems by design, but this topic is not included in the software developers’ training too often, assuming that it’s only relevant to security specialists.
In this talk, we will briefly discuss why secure design matters and introduce a set of proven principles for designing secure systems, explaining each in the context of mainstream system design. Our technical examples will be Java centric, but the principles are equally applicable to other technology stacks.