Architecture principles may still be too high-level for most developers. Therefore, in this section, we will discuss some key open source security frameworks. Depending on the purposes of the security objective and programming languages, there are various kinds of open source security framework. We will only discuss some major or widely used security frameworks.

Adoption of a security framework is the best approach to achieve secure by design. A mature security framework provides security controls such as authentication, access control, session management, HTTP security, cryptography, and logging. It also enables a junior developer who has little knowledge of security to build secure software.

Just remember that the security ...