Summary

Secure by Design teaches developers how to use design to drive security in software development. This book is full of patterns, best practices, and mindsets that you can directly apply to your real world development. You'll also learn to spot weaknesses in legacy code and how to address them.

About the technology

Security should be the natural outcome of your development process. As applications increase in complexity, it becomes more important to bake security-mindedness into every step. The secure-by-design approach teaches best practices to implement essential software features using design as the primary driver for security.

About the book

Secure by Design teaches you principles and best practices for writing highly secure software. At the code level, you’ll discover security-promoting constructs like safe error handling, secure validation, and domain primitives. You’ll also master security-centric techniques you can apply throughout your build-test-deploy pipeline, including the unique concerns of modern microservices and cloud-native designs.

What's inside

Secure-by-design concepts

Spotting hidden security problems

Secure code constructs

Assessing security by identifying common design flaws

Securing legacy and microservices architectures

About the reader

Readers should have some experience in designing applications in Java, C#, .NET, or a similar language.

Table of Contents

Part 1 Introduction

1 ■ Why design matters for security

2 ■ Intermission: The anti-Hamlet

Part 2 Fundamentals

3 ■ Core concepts of Domain-Driven Design

4 ■ Code constructs promoting security

5 ■ Domain primitives

6 ■ Ensuring integrity of state

7 ■ Reducing complexity of state

8 ■ Leveraging your delivery pipeline for security

9 ■ Handling failures securely

10 ■ Benefits of cloud thinking

11 ■ Intermission: An insurance policy for free

Part 3 Applying the fundamentals

12 ■ Guidance in legacy code

13 ■ Guidance on microservices

14 ■ A final word: Don’t forget about security!

About the Authors

Daniel Deogun has a masters degree in computer science and is a senior consultant and VP at Omegapoint in Sweden. He specializes in the crossing between application development and security. His experience ranges from life supporting systems to web applications to high-performance software in various fields. Combining this with his passion for high quality design have made him a frequent speaker at renowned conferences all over the world.

Dan Bergh Johnsson is a senior consultant and VP at Omegapoint in Sweden. Dan is an Agile aficionado, Domain Driven Design enthusiast, and code quality craftsman, with a long time interest in security. While working in the crossroad of system development and security, he has helped numerous clients in different domains towards higher security of their custom-built systems. Dan shares his passion as a regular speaker at renowned international conferences as well as on his blog Dear Junior.

Daniel Sawano is a software developer, architect, and frequent speaker at international conferences. He has extensive experience from working with high-performance systems in industries such as stock trading, gaming, telco, and media. Daniel holds a master of science degree and is passionate about software design, performance, and security. He is an advocate of combining good software design principles with security thinking to create systems that are both secure and agile.