Cross-site scripting, SQL injections, Buffer overflows and many other well known vulnerabilities are a result of coding errors. With all the news coming in about vulnerabilities and compromises discovered, it is clear that the way the security industry used to handling the security awareness of software developers is not enough.
Also, fixing issues after they are already in production is costly. Hence the need for a more fundamentalist approach to solve the problem by tackling vulnerabilities early on in the development life-cycle.
Architecting and designing software with security in-mind can mitigate major threats by shielding the architecture from individual errors and not relying too much on security awareness for protecting the code. The system should be built such that a lot of vulnerabilities are less probable or impossible to occur as the code grows.
This session will go through several secure design concepts and pitfalls to ensure a fortified architecture for commonly susceptible components so that they can withstand development errors.
