Information security practice has evolved to be pretty good at granting and managing access to confidential information - by people. But automation is taking over, requiring a shift in how we think about securing our infrastructure and applications.
In this article, author discusses three techniques to defend against malicious users in software systems. These techniques includes creating personas to think strategically about the mischief a malicious user might attempt, misuse cases used to determine how the software should respond to unintended use, and activity diagrams annotated with security concerns.
In this article, authors discuss the security in software development life cycle and how to defend against web application vulnerabilities using techniques like white-box analysis and black-box testing. They also talk about secure coding practices based on the defense-in-depth approach using three lines of defense: input validation, hotspot protection, and output validation.
Security Development Lifecycle (SDL) is a security assurance process with a focus on software development. InfoQ spoke with Bryan Sullivan about the current state and future road map of SDL framework.