Appendix C. A Designer’s Security Checklist

The following checklist, available in the Security Templates folder in the book’s companion content, is a minimum set of items a designer, architect, or team lead should ask herself as she is designing the product. Consider this document to be completed as a sign-off requirement for the application design phase.

Check

Category

Chapter

o

Education in place for team

2

o

Someone on team signed up to monitor BugTraq and NTBugtraq

1

o

Competitor’s vulnerabilities analyzed to determine if the issues exist in this product

3

o

Past vulnerabilities in previous versions of product analyzed for root cause

3

o

Application attack surface is as small as possible

3

o

If creating new user accounts, ...

Get Writing Secure Code now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.