Architecture work has to balance providing clear guidance for important decisions with empowering people to build their aspects of the system without interference. In this session we'll explore how security principles can help achieve this for application security. The talk explains how principles can guide design decisions without being too prescriptive and explains a set of ten proven principles for designing secure systems, distilled from security engineering practice but presented in accessible language for the working software architect.

Target Audience: Architects, Developers, Testers, Project Managers
Prerequisites: Some experience in developing large scale systems
Level: Advanced

Extended Abstract:
Security is an ever more important topic for system designers. As our world becomes digital, today’s safely-hidden back office system is tomorrow’s public API, open to anyone on the Internet with a hacking tool and time on their hands. So the days of hoping that security is someone else’s problem are over.
The security community has developed a well understood set of principles used to build systems that are secure (or at least securable) by design, but this topic often isn’t included in the training of software developers, assuming that it’s only relevant to security specialists. Then when principles are explained, they are often shrouded in the jargon of the security engineering community and so mainstream developers struggle to understand and apply them.
In this talk, we will introduce a set of ten key, proven, principles for designing secure systems, distilled from the wisdom of the security engineering community. We’ll explain each principle the context of mainstream system design, rather than in the specialised language of security engineering, explaining how it is applied in practice to improve security.

Mehr Inhalte dieses Speakers? Schaut doch mal bei sigs.de vorbei: https://www.sigs.de/autor/Eoin.Woods