Chapter 3
Security Principles to Live By
Application security must be designed and built into your solutions from the start, and in this chapter I'll focus on how to accomplish this goal by covering tried and tested security principles you should adopt as part of an overall process improvement strategy. I'll discuss security design issues that should be addressed primarily by designers, architects, and program managers. This does not mean that developers and testers should not read this chapter in fact, developers and testers who understand secure design will create more secure software. Let's get started with a look at some high-level concepts.