The Secure Software Habit

Habit formation

It requires intention to create software with the trust of the user in mind. That trust is built by designing software which prioritizes the three key tenets of security – availability, integrity, and confidentiality. There are numerous habits which can be built into engineering and testing practices to support this goal. Some of these are …

Choose Your Own Adventure: Design for Security or Struggle with Support

Software Design

All software design choices drive security. It all impacts security. Programming language selection, CRUD, DRY, SOLID principles, code complexity, and even something as seemingly trivial as variable naming can influence software security. Furthermore, we’ll explore how architectural designs like Domain-Driven Design, microservices, and event-driven architecture contribute to or detract from a system’s overall security. …

What is Software Security?

Information security refers to the confidentiality, integrity, and availability of information. Within the software security space, it refers to the confidentiality, integrity, and availability of a specific software component or application. Confidentiality describes who can access information and how it can be used. Users provide information to the system and there’s a set of rules …

Software Security Made Simple

Simple doesn’t mean easy. Software security is challenging. There is no question about it. Rapidly changing technology stacks, combined with tools for attacks, just raise the challenge of building software that is resilient. That said, software security does not need to be complex. It can be very simple. Not just at a high level, …