Conclusion

Security must be omnipresent throughout your infrastructure in order for you to begin to feel your application or service is secure. In order to accomplish this, it is imperative that you follow a structured methodology. In this chapter, we looked at why this methodology must be baked into the development process right from the beginning. Security spans every aspect of your systemfrom the network perimeter to the serviceas shown in the Security Wheel.

To incorporate security into the software development process, we extended the Unified Process to include several new security disciplines. These disciplines define the roles and responsibilities of the different security participants within the software life cycle. The Secure UP (as we called it) ensures that our security methodology can be supported within a software development process. Any security methodology must include this process or one like it. A secure methodology should also include how to adopt security patterns based on security use case requirements and design analysis as well as how to apply them in appropriate business scenarios.

In summary, we looked at what goes into a good security design. It starts with a methodology, leverages patterns and frameworks, and gets baked into the software development process from the ground up to deliver "Security by Default."