Computer science graduates are typically taught object-oriented design principles to focus on performance, correctness, scalability, and maintainability when building large systems. However, an additional set of design principles are required to achieve security. In this course, we discuss security design principles, and illustrate how to employ them through a running example of how to secure a web server. We also discuss new, emerging threats, and laws and regulations that require security measures in corporate and medical sector.
In this first course, the case study presents vulnerabilities in the implementation of a small web server. We identify each of the vulnerabilities, and illustrate how to employ each of the security design principles we discuss to eliminate vulnerabilities in the server. We also discuss how the web might have been designed differently if security was ‘baked-in’ from the beginning.
Introduction – Neil Daswani (63 sec)
Security Design – Neil Daswani (48 sec)