Security Design Guidelines

From Guidance Share

Designing a secure application can present architects and developers with many challenges. Design guidelines represent the set of practices that can be employed to reduce the risk of security vulnerabilities.


Each guideline must meet the following qualifications before it is included:

  • Actionable. Must be associated with a vulnerability that can be mitigated through the use of the guideline.
  • Relevant. Must be associated with a vulnerability that is known to affect real applications.
  • Impactful. Must represent key engineering decisions that will have a wide-ranging impact.


The set of guidelines is distilled into a pattern-based security frame, or framework, that describes all of the areas in which poor design can lead to security vulnerabilities. The security frame allows the inclusion of additional guidelines or the refinement of existing guidelines based on newly discovered vulnerabilities.

