This chapter focuses on the guidelines and principles you should follow when designing an application. The following are recommendations on how to use this chapter:
Know the threats to your application so that you can make sure these are addressed by your design . Read Chapter 2, "Threats and Countermeasures," to gain understanding of the threat types to consider. Chapter 2 lists the threats that may harm your application; keep these threats in mind during the design phase.
When designing your application, take a systematic approach to the key areas where your application could be vulnerable to attack . Focus on deployment considerations; input validation; authentication and authorization; cryptography and data sensitivity; configuration, session, and exception management; and adequate auditing and logging to ensure accountability.