Secure design is a broad topic. In this section, we focus on seven key security controls: authentication, authorization, session management, data validation, error handling, logging, and encryption. Refer to the following diagram:
A secure design depends on several factors, including security requirements, the adoption of a security framework, the logic flow, and the right implementation. Take authentication as an example: market security requirements may add two-factor authentication or one-time password (OTP). A security framework, such as Spring Security or Shiro ...