Designing and developing software systems that are secure is of vital importance. A software application that does not follow secure practices creates vulnerabilities that can be exploited by attackers. The result of an attack can lead to unauthorized access to confidential data, financial losses, and ruining an organization's reputation.

We will explore the three states that information can be in and the main goals of information security, represented by the confidentiality, integrity, and availability (CIA) triad. We will take a look at how threat modeling can help to identify and prioritize threats. We will learn principles and practices that will help create secure applications by design.

The chapter will cover ...