From the course: Practical Secure by Design: Threat Modeling to Build Resilient Products
Security requirements: Setting secure defaults from the start
- [Narrator] Now this is the most important exercise of this chapter. First, we went through the scope and we understood what user's API and checkout API did. Second, we tested the insecure implementation and we found out that the implementation may not have been perfect. Third, we did a threat model, and I came up with three threats that I think are quite valid and very much applicable to the user's API and the checkout API. I also believe that these three threats do not have secure defaults. Now, as security engineers, you and I need to come up with security recommendations. These security recommendations will then be fed into the product requirements document, and then the application is actually going to get more secure. Now, each threat may have multiple security recommendations. That's okay. For the sake of this exercise, try to keep it simple. A bit later, when you go for a take-home challenge, that's when you…
Contents
- Insecure default settings and their risks (5m 39s)
- Insecure implementation: Real examples of default pitfalls (3m 49s)
- Threat model: Risks of unsafe defaults (4m 11s)
- Security requirements: Setting secure defaults from the start (6m 9s)
- Real-world example: Secure defaults in practice (3m 12s)
- Challenge: Enforce secure defaults in your application (45s)