I have put security design into a separate chapter because it is so pervasive; everyone must do their part, not only the development team but also the application administrators and the end users. Thus, while there may be someone with overall oversight of security, there is no one security designer.
In this chapter I discuss:
• IT application security principles—some basic terminology and ideas.
• The security component in each of the designs.
• Security programming. Careless programming can open up your application to all kinds of security vulnerabilities.
There is a great deal of discussion and concern about IT security these days, some of it couched in apocalyptic terms like cyber-war and cyber-terrorism. It is undoubtedly ...