Application Security Principles
Businesses depend on robust, reliable, and secure software to ensure their continued operation. But with a lot of software, security is cobbled on as an afterthought. According to consultant Ted Demopoulos, security needs to be part of the system design, because adding it later can be difficult, if not impossible. In this program, he explains the principles for developing reliable and secure software, noting that they don't depend on the underlying operating system, networking, or development language. Demopoulos opens the program with an introduction to application security principles, explaining that there is a lot more involved than simply writing good code. Next, he looks at security issues in development, focusing on balancing security requirements and practical considerations. Demopoulos continues by exploring threats, vulnerabilities, and risks, and paying special attention to threat modeling techniques. He also examines secure programming concepts and implementation issues. Demopoulos concludes with a look at security testing and code reviews.