This excerpt from a software development textbook chapter details proven best practices for creating resilient applications. It introduces key concepts like the security perimeter and attack surface, emphasizing the shift from network-centric security to application-level security in the age of web applications. The chapter then presents ten core principles and practices, advocating for defense in depth, positive security models, secure failure handling, and least privilege access. It stresses the importance of intrusion detection, not trusting external infrastructure or services, and establishing secure default settings. Finally, the chapter maps these best practices to nonfunctional requirements, demonstrating the interconnectedness of security and overall application resilience.

I do not own the copyrights to this book, and this material is for educational purposes only.
Secure and Resilient Software Development, by Mark S. Merkow and Lakshmikanth Raghavan, 2010, CRC, ISBN: 978-1-43-98-2697-3

свернуть