Secure Software - Architecture & Design
The architecture and design phase is looked as the most important phase of the SDLC, when it is looked at from the security point of view. Decisions that are made during this phase play a huge role in the security of a software. If good decisions are made, it will give a structure which is more resilient and resistant to malicious attacks. This will also provide a good guide in decision-making for the subsequent phases. On the other hand, if bad decisions are made, the result can be very damaging - design flaws and weaknesses against attacks.
What are the objectives of Software Architecture & Design?
The main objectives are that the software must be complete, stable, flexible, extensible and scaleble.Com-Sta-Fle-Ext-Sca (Comsta flexsca)
What are the security-specific objectives of Software Architecture & Design?
The main objectives are- Comprehensive functional security architecture
- Resistance to attack
- Tolerance to attack
- Resilience to attack
A note
It has been reported in various publications that many of the defects that result in security vulnerabilities of a software are caused by flaws in the architecture and design of the software itself.
The goal of building security in Architecture & Design phase of SDLC
To significantly minimize the number of flaws as early as possible.
