DES 811: Secure Architecture and Design
Architecture reviews are one of the most cost effective ways to discover security issues proactively in applications, yet only a small fraction of development teams understand how to successfully conduct an architecture review. This class addresses this gap by allowing students to use their own software application in lab-based exercises. By learning how to examine your own application’s architecture for issues, your team can cost-effectively resolve key security issues before they make their way into your software application. Conversely, if your system is already in production, an architecture review can be a good way to identify major security gaps that may have been previously unknown.
Upon completion of this class, participants will be able to:
- Understand network security issues that may apply to an architecture
- Understand host security issues that may apply to an architecture
- Understand application security issues that may apply to an architecture
- Understand that managing security is a risk management exercise
- Learn how to break down an application’s architecture and identify security flaws
Network Security Recommendations
This module explains how decisions about network architecture can affect the security of an application, and introduces topics such as network scanning, sniffing, and encrypted/unencrypted protocols.
Host Security Recommendations
This module presents recommendations for hardening hosts to protect running applications and covers malware, rootkits, and attacker techniques.
Application Security Recommendations
This module provides an overview of high-level application security strategies including defense in depth, input validation, and principle of least privilege.
This module helps participants understand how to determine the level of risk inherent with the applications they are currently working with. Participants will complete an exercise that quantifies the risk level of different aspects of an application.
The instructor will lead participants through an architecture security review exercise where they map out and review familiar application architectures. This helps to illustrate how an architecture review will often lead to the discovery of serious issues.