There is so much more to security design than planning out a modularized application with minimal privilege. So, how do we get where we want to go? Although there are many differing software development processes, security design efforts typically include most of the following specific steps, and ask the following specific questions:
1. Assess the risks and threats:
     What bad thing can happen?
     What are the legal requirements?
2. Adopt a risk mitigation strategy:
     What is our plan?
3. Settle high-level technical issues such as stateful versus stateless operation, use of privileges, or special access by the software:
     How does it work?
4. Select a set of security techniques and technologies (good practices) to satisfy each requirement:
     What specific technical measures should we take?
5. Resolve any operational issues such as user account administration and database backup (and the protection of the resulting media):
     How will we keep this application system operating securely?
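The five steps above produce a set of answers that are easy to leave scattered across meeting notes. The following Python module is an added example (it is not code from the original text or its authors) that records those answers for a hypothetical web application as a small threat register and then checks them for the gaps the questions are meant to catch: a threat with no strategy, an "accept" decision on a high or legally constrained risk, a "mitigate" decision with no technical measure behind it, and a control with no operational duty to keep it working. All threats, scores, measures and the risk threshold are constructed for illustration.

```python
"""Risk-driven security design walk-through (added illustrative example).

The threats, scores, chosen strategies, technical measures and operational
duties below are constructed sample data for a hypothetical web application.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from enum import Enum


class Strategy(Enum):
    """Step 2: the plan for each threat."""
    AVOID = "avoid"        # remove the feature or exposure entirely
    MITIGATE = "mitigate"  # reduce likelihood or impact with controls
    TRANSFER = "transfer"  # insurance, contract, third party
    ACCEPT = "accept"      # live with it, with a recorded rationale


@dataclass
class Threat:
    """Step 1: what bad thing can happen, and whether the law cares."""
    name: str
    likelihood: int          # 1 (rare) .. 5 (expected)
    impact: int              # 1 (trivial) .. 5 (catastrophic)
    legal: bool = False      # subject to a legal or regulatory requirement

    @property
    def score(self) -> int:
        return self.likelihood * self.impact


@dataclass
class Decision:
    """Steps 2, 4 and 5: strategy, technical measures, operational duties."""
    strategy: Strategy
    measures: list[str] = field(default_factory=list)    # good practices chosen
    operations: list[str] = field(default_factory=list)  # who keeps it working
    rationale: str = ""


# Constructed threshold: scores above this may not simply be accepted.
RISK_THRESHOLD = 6


def ranked(threats: list[Threat]) -> list[str]:
    """Threat names ordered from highest to lowest risk score."""
    return [t.name for t in sorted(threats, key=lambda t: t.score, reverse=True)]


def legal_requirements(threats: list[Threat]) -> list[str]:
    """Answer to 'what are the legal requirements?': the legally constrained threats."""
    return [t.name for t in threats if t.legal]


def review_design(threats: list[Threat], decisions: dict[str, Decision]) -> list[str]:
    """Return findings; an empty list means every question has a consistent answer."""
    findings = []
    for t in threats:
        d = decisions.get(t.name)
        if d is None:
            findings.append(f"{t.name}: no mitigation strategy recorded")
            continue
        if d.strategy is Strategy.ACCEPT and (t.score > RISK_THRESHOLD or t.legal):
            findings.append(f"{t.name}: cannot be accepted (score {t.score}, legal={t.legal})")
        if d.strategy is Strategy.MITIGATE and not d.measures:
            findings.append(f"{t.name}: 'mitigate' chosen but no technical measure selected")
        if d.strategy is Strategy.MITIGATE and d.measures and not d.operations:
            findings.append(f"{t.name}: no operational duty keeps the control effective")
    return findings


# Constructed sample register for a hypothetical application.
THREATS = [
    Threat("SQL injection via search form", likelihood=4, impact=5, legal=True),
    Threat("Backup tapes lost in transit", likelihood=2, impact=4, legal=True),
    Threat("Defacement of public status page", likelihood=3, impact=1),
    Threat("Stale user accounts after staff leave", likelihood=4, impact=3),
]

DECISIONS = {
    "SQL injection via search form": Decision(
        Strategy.MITIGATE,
        measures=["parameterized queries", "least-privilege database account"],
        operations=["code review gate for any new query"],
    ),
    # Gap on purpose: media is encrypted but nobody owns key custody or tape handling.
    "Backup tapes lost in transit": Decision(
        Strategy.MITIGATE, measures=["encrypt backup media"]),
    "Defacement of public status page": Decision(
        Strategy.ACCEPT, rationale="static page, redeployed from source in minutes"),
    # Gap on purpose: a score of 12 is above the threshold, so 'accept' is not allowed.
    "Stale user accounts after staff leave": Decision(Strategy.ACCEPT),
}


if __name__ == "__main__":
    print("Ranked:", ranked(THREATS))
    print("Legal:", legal_requirements(THREATS))
    for finding in review_design(THREATS, DECISIONS):
        print("FINDING:", finding)
```

Running the module lists the threats by score, the two that carry legal requirements, and two findings: the backup control has no operational owner, and the stale-account risk is too high to accept. The point of the check is not the arithmetic but that every step's question has a recorded answer that the later steps can be held against.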
Here we present an informal way of working that has sufficed for our purposes for many years. There are ...