Designing Applications for Security and Resilience

Design phases recommended (risk/hazard -> requirements).

• Misuse case modeling.

• Security design and architecture review.

• Threat and risk modeling.

• Risk analysis and modeling.

• Security requirements and test case generation.

Design to meet nonfunctional requirements (worst case).

Design patterns (proven templates for solving issues).

Architecture for the web/cloud (particular attack surface).

Architecture and design review checklist.