Secure by Design - Security Principles for the Working Architect

Explore key security principles for system architects in this ACCU 2019 conference talk. Learn ten proven principles for designing secure systems, explained in the context of mainstream system design rather than specialized security engineering language. Discover how to apply these principles in practice to enhance system security, covering topics such as separating responsibilities, implementing the simplest solution possible, auditing sensitive events, setting secure defaults, avoiding reliance on obscurity, and employing defense-in-depth strategies. Gain valuable insights from Eoin Woods, CTO of Endava and co-author of "Software Systems Architecture," as he bridges the gap between security expertise and practical application for software developers.

Intro
REVISITING SECURITY
ASPECTS OF SECURITY PRACTICE
SECURITY DESIGN PRINCIPLES
SEPARATE RESPONSIBILITIES
SIMPLEST SOLUTION POSSIBLE
AUDIT SENSITIVE EVENTS
SECURE DEFAULTS & FAIL SECURELY
NEVER RELY ON OBSCURITY
DEFENCE IN DEPTH
SECURE THE WEAKEST LINK