An overall security plan for your application must take into account appropriate risk factors.
There are four main types of security:
- Digital identity management
- Transaction security
- Software security
- Information security
The primary tools and techniques associated with digital identity management include
- Authorization: defining who can do what.
- Authentication: proof of identity. Authentication approaches vary tremendously depending on whether you're dealing with an open or a closed system.
The primary tools and techniques associated with transaction security include
- Auditability: proof of activity
- Integrity: preventing data tampering and alteration
- Confidentiality: keeping data away from those not entitled to it
- Accountability: holding people responsible for their actions
The primary tools and techniques associated with software security include
- Preventing software piracy and enforcing license compliance (see also Chapters 4 and 15)
- Binding the software to a machine or a hardware token
The primary tools and techniques associated with information security are the same ones used for transaction security, but they are far less effective once the data are at rest rather than in transit. The main technique is therefore to make certain that the environment in which the data are stored is itself properly secured.
Don't invent your own security algorithm. Chances are it will get cracked. Use a publicly available, well-analyzed algorithm with a well-formed key: one generated by a proper random source, or derived properly from a passphrase, at the size the algorithm calls for.
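As an added illustration of that advice, and of the integrity item in the transaction-security list above, here is a Python example that is not from the original text. It puts a constructed homebrew integrity tag (a 4-byte XOR fold of the message, masked with the key) beside HMAC-SHA256 with a properly generated key, and shows that the homebrew tag can be forged for a tampered record from a single observed message/tag pair without ever knowing the key, while the HMAC rejects the tampered record. The audit-record contents and all function names are assumptions made for this example.

```python
# Added example (not from the original text): a homebrew integrity tag beside
# HMAC-SHA256 with a properly generated key. Record contents are constructed.
import hashlib
import hmac
import secrets

# A constructed audit record and a tampered copy of it.
RECORD = b"2024-03-01T10:15:00Z user=alice action=transfer amount=100.00"
TAMPERED = b"2024-03-01T10:15:00Z user=alice action=transfer amount=9900.00"


def _fold(msg: bytes) -> bytes:
    """XOR every byte of msg into a 4-byte accumulator."""
    acc = bytearray(4)
    for i, b in enumerate(msg):
        acc[i % 4] ^= b
    return bytes(acc)


# --- The homebrew scheme: fold the message, then XOR in the first 4 key bytes.
# Illustrative only; it is linear in the message, which is exactly the flaw.
def homebrew_tag(key: bytes, msg: bytes) -> bytes:
    return bytes(a ^ k for a, k in zip(_fold(msg), key[:4]))


def homebrew_verify(key: bytes, msg: bytes, tag: bytes) -> bool:
    return homebrew_tag(key, msg) == tag


def forge_homebrew(seen_msg: bytes, seen_tag: bytes, new_msg: bytes) -> bytes:
    """Forge a tag for new_msg from one observed (msg, tag) pair, no key needed:
    tag(new) = tag(seen) XOR fold(seen) XOR fold(new), because XOR is linear."""
    return bytes(t ^ a ^ b for t, a, b in zip(seen_tag, _fold(seen_msg), _fold(new_msg)))


# --- The published scheme: HMAC-SHA256 (RFC 2104) with a well-formed key.
def generate_key() -> bytes:
    """A full-entropy 256-bit key from the OS CSPRNG, the right size for HMAC-SHA256."""
    return secrets.token_bytes(32)


def derive_key(passphrase: str, salt: bytes) -> bytes:
    """If the key must come from a passphrase, stretch it with PBKDF2-HMAC-SHA256
    and a random 16-byte salt; 600,000 iterations follows current OWASP guidance."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 600_000, dklen=32)


def hmac_tag(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


def hmac_verify(key: bytes, msg: bytes, tag: bytes) -> bool:
    # compare_digest runs in constant time, so the comparison itself leaks nothing.
    return hmac.compare_digest(hmac_tag(key, msg), tag)


def demo(key: bytes = b"") -> dict:
    """Run both schemes against the same tampering attempt and report what happened."""
    key = key or generate_key()
    seen_tag = homebrew_tag(key, RECORD)          # attacker observes this pair
    forged = forge_homebrew(RECORD, seen_tag, TAMPERED)
    real_tag = hmac_tag(key, RECORD)
    return {
        "homebrew_accepts_forgery": homebrew_verify(key, TAMPERED, forged),
        "hmac_accepts_original": hmac_verify(key, RECORD, real_tag),
        "hmac_accepts_tampered": hmac_verify(key, TAMPERED, real_tag),
    }


if __name__ == "__main__":
    print(demo())
```

Running `demo()` reports that the homebrew tag accepts the forged record while HMAC accepts only the original. The two things that make the second scheme safe are the points in the text: the algorithm is public and analyzed, and the key is either 32 bytes straight from the OS random source or stretched from a passphrase with a salt, never a short constant folded into an ad hoc scheme.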
Never put in a back door.
Use security to your advantage. The ultimate brand element is trust, and security can help you get it.