Chapter 2. Basics of Security


Topics in This Chapter

  • Security Requirements and Goals

  • The Role of Cryptography in Security

  • The Role of Secure Socket Layer (SSL)

  • The Importance and Role of LDAP in Security

  • Common Challenges in Cryptography

  • Threat Modeling

  • Identity Management

The quickest and most reliable way to secure your computer is to not turn it on. Because that's not a viable option, you are left with a variety of complex possibilities. As a software developer, you must completely understand the basics of security before beginning the software design. Security is a broad term that includes all physical and logical access to business locations, resources, and data. As a software developer, you must have an equally broad knowledge of the environment that you need to secure. For example, securing an application requires more than implementing authentication and access control functionality. It also requires a range of other things, from securing the host on which that application resides to securing the client that accesses the application over a network. In simpler terms, the five major goals of information security are as follows:

  • Confidentiality

  • Integrity

  • Authentication

  • Authorization

  • Non-repudiation

These five goals serve as the basis for incorporating security in software applications and for delivering trustworthy business applications and services. This chapter provides a tutorial on basic security concepts. It introduces the fundamentals of security requirements, the role of cryptography and identity management technologies, and the common challenges posed by using these technologies.




Core Security Patterns. Best Practices and Strategies for J2EE, Web Services, and Identity Management
ISBN: 0131463071
EAN: 2147483647
Year: 2005
Pages: 204
