Security Design Guidelines

From Guidance Share

Revision as of 06:50, 6 March 2007; Admin (Talk | contribs)
(diff) ←Older revision | Current revision | Newer revision→ (diff)
Jump to: navigation, search

Designing a secure application can present architects and developers with many challenges. Design guidelines represent the set of practices that can be employed to reduce the risk of security vulnerabilities.

Each guideline must meet the following qualifications before it is included:

  • Actionable. Must be associated with a vulnerability that can be mitigated through the use of the guideline.
  • Relevant. Must be associated with a vulnerability that is known to affect real applications.
  • Impactful. Must represent key engineering decisions that will have a wideranging impact.

The set of guidelines is distilled into a pattern-based security frame, or framework, that describes all of the areas in which poor design can lead to security vulnerabilities. The security frame allows the inclusion of additional guidelines or the refinement of existing guidelines based on newly discovered vulnerabilities.


Personal tools