Appendix C. A Designer’s Security Checklist
The following checklist, available in the Security Templates folder in the book’s companion content, is a minimum set of items a designer, architect, or team lead should ask herself about while designing the product. Treat completion of this document as a sign-off requirement for the application design phase.
| Check | Category | Chapter |
|---|---|---|
| o | Education in place for team | 2 |
| o | Someone on team signed up to monitor BugTraq and NTBugtraq | 1 |
| o | Competitor’s vulnerabilities analyzed to determine if the issues exist in this product | 3 |
| o | Past vulnerabilities in previous versions of product analyzed for root cause | 3 |
| o | Application attack surface is as small as possible | 3 |
| o | If creating new user accounts, ... | |