Motivation
Original focus: network system level security strategies (e.g. firewalls), and reactive approaches to software security ('penetrate and patch' strategy), security is assessed when the product is complete via penetration testing by attempting known attacks or (worst) vulnerabilities are discovered post release.
Breaches are expensive (in the order of millions per breach / reputation ...)
Attackers can find and exploit vulnerabilities without being noticed (it takes months to detect and fix).
Patches can introduce new vulnerabilities or other issues (rushing is never good).
Patches often go unapplied by customers.
Objectives
Integrate security concerns as part of the product design.
Be aware of existing design practices.
Know how to apply and validate secure design applications.
Take advantage of best practices.
Last updated