Bulletproof Your UI: Crafting Secure and User-Friendly Interfaces

User Interface Impacts Security

The User Experience and User Interface of any software product is often a missed opportunity to improve its security posture. Software security starts with how users interact with the system. The controls and access points into the software define the surface area through which users (or other systems) affect the application. This will include things like …

Security as an Enabler: The Case for a Hands-On Approach

The old adage “build vs. buy” doesn’t quite capture the full spectrum of decision-making in software development. A more accurate perspective considers the balance between what you build and what you purchase. Let’s examine the authentication component of “MyOwnTutorial” as an example to illustrate how this balance plays out. A purely built solution entails designing …

Tools, Gates, and Debates: Navigating the Quirks of Software Security

In the ever-evolving landscape of software security, we’ve seen trends come and go faster than fashion statements at a high school prom. And just like fashion, not all trends are for the better. As someone who’s been in the trenches of software security and engineering for over two decades, I’ve seen my fair share of …

Secure by Design: Exploring Technology Choices

When developing a microservice application like “MyOwnTutorial”, one of the first decisions to make is whether to define a consistent technology stack across all microservices or allow each service to use its own stack. There are benefits and drawbacks to both approaches, and understanding them is crucial to making an informed decision. Benefits of a …

Building Blocks: Architectural Principles Driving Higher Value Software

The building blocks start with design

It is time to define design principles and shape the development of MyOwnTutorial. MyOwnTutorial’s construction will leverage Domain-Driven Design, Hexagonal Architecture, Event-Driven Programming, Command Query Responsibility Segregation (CQRS), Micro-service Architecture, API-First Development, and Privacy-First principles, which not only fortify security but also contribute to a reduced total cost of ownership (TCO). However, each of these architectural …

Designing for the Future of Education: A Tutorial on Building Secure Applications

The biggest challenge for any software tutorial is which example to use. Most software engineering tutorials are just too simple. They have the basic functionality of a to-do application. Most software security tutorials use a perceived high-value data set, such as financial data. The reason for this is that these tutorials are often used to …

The Secure Software Habit

Habit formation

It requires intention to create software with the trust of the user in mind. That trust is built from designing software which prioritizes the three key tenets of security – availability, integrity, and confidentiality. There are numerous habits which can be built into the engineering and testing practices to support this goal. Some of these are …

Hiding Data in Plain Sight

Access privileges are crucial in protecting data, but they are just the beginning. There are instances where data traverses networks with inadequate or non-existent access controls. Sometimes, permissions are incorrectly configured, and occasionally, unauthorized individuals gain access to devices. In these scenarios, transforming plaintext (or clear text) data into a seemingly random string of characters …

“None Shall Pass”

In “Monty Python and the Holy Grail”, King Arthur “rides” up to the Black Knight. The Black Knight refuses to acknowledge King Arthur’s requests or respond to any question. He only says “None Shall Pass”. For those who haven’t seen the movie, a highly tense battle ensues with King Arthur defeating the Black Knight and …

The Honor Code of Data: Privacy-First Design

Protecting customers’ information is about gaining their trust. Privacy is about safeguarding that information. It is what drives confidentiality. Privacy is the customer’s expectation that what they supply will be used appropriately. Someone who posts to Twitter or LinkedIn will have different expectations than someone who uses Facebook. Though all are social media applications, the …