Technical Risk

To understand the technical security risks of a system, architects and designers need to understand the nature of these risks in order to better prevent them. The general nature of risks in our systems can be categorized into the following major areas:

  • Improperly configured systems

  • Buggy software

  • Poor authentication (that is, insufficient password requirements)

  • Lack of encryption in network traffic

The primary reason that any given part of a system is a security risk is improperly configured or buggy software. An improperly configured system or a system with a bug opens a security hole that can be exploited. One of the most famous security breaches has been chronicled by Clifford Stoll in his book The Cuckoo's Egg, in which he describes ...

Get Building Web Applications with UML now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.