Bulletproof Your UI: Crafting Secure and User-Friendly Interfaces

User Interface Impacts Security

The User Experience and User Interface of any software product is often a missed opportunity to improve the security posture. Software security starts with how users interact with the system. The controls and access points into the software define the surface area through which users (or other systems) impact the application. This will include things like … Read more

Security as an Enabler: The Case for a Hands-On Approach

The old adage “build vs. buy” doesn’t quite capture the full spectrum of decision-making in software development. A more accurate perspective considers the balance between what you build and what you purchase. Let’s examine the authentication component of “MyOwnTutorial” as an example to illustrate how this balance plays out. A purely built solution entails designing … Read more

Tools, Gates, and Debates: Navigating the Quirks of Software Security

In the ever-evolving landscape of software security, we’ve seen trends come and go faster than fashion statements at a high school prom. And just like fashion, not all trends are for the better. As someone who’s been in the trenches of software security and engineering for over two decades, I’ve seen my fair share of … Read more

Navigating Roles and Security: A Deep Dive into MyOwnTutorial’s User Management

MyOwnTutorial is a flexible educational platform and each of the users will play a key role in the security of the system. Domain-driven design enables us to tailor our User Management system specifically to these roles, emphasizing the importance of the ubiquitous language that enhances clarity, security, and operational efficiency across the institution. The Significance … Read more

Secure by Design: Exploring Technology Choices

When developing a microservice application like “MyOwnTutorial”, one of the first decisions to make is whether to define a consistent technology stack across all microservices or allow each service to use its own stack. There are benefits and drawbacks to both approaches, and understanding them is crucial to making an informed decision. Benefits of a … Read more

Building Blocks: Architectural Principles Driving Higher Value Software

The building blocks start with design

It is time to define design principles and shape the development of MyOwnTutorial. MyOwnTutorial construction will leverage Domain-Driven Design, Hexagonal Architecture, Event-Driven Programming, Command Query Responsibility Segregation (CQRS), Micro-service Architecture, API-First Development, and Privacy-First principles, which not only fortify security but also contribute to a reduced total cost of ownership (TCO). However, each of these architectural … Read more

Foundations for Success

Foundations build the castle

The “Core Values” are fundamental principles that serve as the bedrock for any design, establishing the essential boundaries and guidelines within which a product must function. These values encompass not only information security measures but also other critical aspects that contribute to the product’s overall integrity and usability. To illustrate, consider Amazon, a company whose … Read more

Designing for the Future of Education: A Tutorial on Building Secure Applications

The biggest challenge for any software tutorial is which example to use. Most software engineering tutorials are just too simple. They have the basic functionality of a to-do application. Most software security tutorials use a perceived high-value data set like financial data. The reason for this is that these tutorials often used to … Read more

The Secure Software Habit

Habit formation

It requires intention to create software with the trust of the user in mind. That trust is built from designing software which prioritizes the three key tenets of security – availability, integrity, and confidentiality. There are numerous habits which can be built into the engineering and testing practices to support this goal. Some of these are … Read more

Choose Your Own Adventure: Design for Security or Struggle with Support

Software Design

All software design choices drive security. It all impacts security. Programming language selection, CRUD, DRY, SOLID principles, code complexity, and even something as seemingly trivial as variable naming, can influence software security. Furthermore, we’ll explore how architectural designs like Domain-Driven Design, microservices, and event-driven architecture contribute to or detract from a system’s overall security. … Read more