Bulletproof Your UI: Crafting Secure and User-Friendly Interfaces

User Interface Impacts Security

The User Experience and User Interface of any software product are often a missed opportunity to improve the security posture. Software security starts with how users interact with the system. The controls and access points into the software define the surface area through which users (or other systems) impact the application. This will include things like … Read more

Security as an Enabler: The Case for a Hands-On Approach

The old adage “build vs. buy” doesn’t quite capture the full spectrum of decision-making in software development. A more accurate perspective considers the balance between what you build and what you purchase. Let’s examine the authentication component of “MyOwnTutorial” as an example to illustrate how this balance plays out. A purely built solution entails designing … Read more

Tools, Gates, and Debates: Navigating the Quirks of Software Security

In the ever-evolving landscape of software security, we’ve seen trends come and go faster than fashion statements at a high school prom. And just like fashion, not all trends are for the better. As someone who’s been in the trenches of software security and engineering for over two decades, I’ve seen my fair share of … Read more

Navigating Roles and Security: A Deep Dive into MyOwnTutorial’s User Management

MyOwnTutorial is a flexible educational platform and each of the users will play a key role in the security of the system. Domain-driven design enables us to tailor our User Management system specifically to these roles, emphasizing the importance of the ubiquitous language that enhances clarity, security, and operational efficiency across the institution. The Significance … Read more

Secure by Design: Exploring Technology Choices

When developing a microservice application like “MyOwnTutorial”, one of the first decisions to make is whether to define a consistent technology stack across all microservices or allow each service to use its own stack. There are benefits and drawbacks to both approaches, and understanding them is crucial to making an informed decision. Benefits of a … Read more

Building Blocks: Architectural Principles Driving Higher Value Software

The building blocks start with design

It is time to define design principles and shape the development of MyOwnTutorial. MyOwnTutorial construction will leverage Domain-Driven Design, Hexagonal Architecture, Event-Driven Programming, Command Query Responsibility Segregation (CQRS), Micro-service Architecture, API-First Development, and Privacy-First principles, which not only fortify security but also contribute to a reduced total cost of ownership (TCO). However, each of these architectural … Read more

Foundations for Success

Foundations build the castle

The “Core Values” are fundamental principles that serve as the bedrock for any design, establishing the essential boundaries and guidelines within which a product must function. These values encompass not only information security measures but also other critical aspects that contribute to the product’s overall integrity and usability. To illustrate, consider Amazon, a company whose … Read more

Designing for the Future of Education: A Tutorial on Building Secure Applications

The biggest challenge for any software tutorial is what example to use. Most software engineering tutorials are just too simple. They have the basic functionality of a to-do application. Most software security tutorials use a perceived high-value data set like financial data. The reason for this is that these tutorials often used to … Read more

Hiding Data in Plain Sight

Access privileges are crucial in protecting data, but they are just the beginning. There are instances where data traverses networks with inadequate or non-existent access controls. Sometimes, permissions are incorrectly configured, and occasionally, unauthorized individuals gain access to devices. In these scenarios, transforming plaintext (or clear text) data into a seemingly random string of characters … Read more

“None Shall Pass”

BlackKnight

In “Monty Python and the Holy Grail”, King Arthur “rides” up to the Black Knight. The Black Knight refuses to acknowledge King Arthur’s requests or respond to any question. He only says “None Shall Pass”. For those who haven’t seen the movie, a highly tense battle ensues with King Arthur defeating the Black Knight and … Read more