Thursday Oct 24
11:30 –
Location: B 09

Secure by Design – the Architect’s Guide to Security Design Principles

Security is an ever more important topic for system designers. As our world becomes digital, today’s safely-hidden back office system is tomorrow’s public API, open to anyone on the Internet with a hacking tool and time on their hands. So the days of hoping that security is someone else’s problem are over.

The security community has developed a well-understood set of principles used to build systems that are secure (or at least securable) by design, but this topic often isn’t included in the training of software developers, on the assumption that it’s only relevant to security specialists.

In this talk, we will briefly discuss why security needs to be addressed as part of architecture work and then introduce a set of proven principles for the architecture of secure systems, explaining each in the context of mainstream system design, rather than in the specialised language of security engineering. Our technical examples will be Java-centric, but the principles are equally applicable to other technology stacks.

What will the audience learn from this talk?
The attendees at this talk will learn why security principles are an effective way to share security knowledge and leave with a set of 10 key security principles that they can use to guide security work on their projects.

Does it feature code examples and/or live coding?
No, most of the principles are at application design level, so we illustrate them using a simple example application.

Prerequisite attendee experience level:
Level 200

ethics and security
Eoin Woods
CTO at Endava