2 Defining the problem
This chapter covers
- Defining the security tenets that software must adhere to
- Identifying and understanding risk that impacts software
- Exploring security in the software development life cycle
In the previous chapter, I used the example of building a house without the locks on the doors and windows. A house is a great example, as it allows you to think about the controls you use to limit your risk of the house being compromised due to break-in, fire, flooding, and so forth. We spend most of our time in security attempting to limit risk and counter threats, not eliminate them. A risk is the potential for loss of an asset or damage to an asset, whereas a threat is the activity that takes advantage of a weakness in an asset. ...