Purpose: Design level flaws are lesser known concepts but their presence is a very big risk to the applications. Such flaws are hard to find in static or dynamic application scans and instead require deep understanding of application architecture and layout to uncover them manually.
Design level security is crucial and must be adopted at an early stage of application development to build a robust system. Thus the aim of this project is to impart secure design guidelines to application developers. The project will highlight vulnerable areas in application designs through real world examples and scenarios and touch up on different aspects of design level security. The focus will also be to explain measures to be taken to prevent such flaws while designing applications.
The guidelines will cover core design concepts which can applicable to any application independent of the platform.
Most of the design flaws will be discussed using sample code incorporated in an insecure design application. The project will also focus on releasing a secure design checklist for reviewing application designs or threat modelling them.
|