We learned about the CIA triad and its goals of providing confidentiality, integrity, and availability. Security is about tradeoffs, so you should try to maintain a balance between these goals. Software applications should be designed to be as secure as necessary, but requirements for quality attributes such as usability and availability must be met as well.

There are no silver bullets when it comes to implementing security. However, there are proven principles and practices we can use to secure our applications and data. This chapter examined threat modeling and different techniques to create applications that are secure by design.

We learned about cryptography, including encryption and hashing, and IAM. Software architects who work ...