Security is a critical part of the entire software development lifecycle. If you’re of the mind that it’s not, please spend some time reading through the various vulnerability alerts published by CERT (http://www.cert.org). Still not convinced? Just Google “consumer privacy information hacked” and examine some of the more than two million hits describing how hackers have compromised consumer-related privacy information (financial history, social security numbers, etc.). Still not scared? Go take a look at some security-related books such as Anton Chuvakin and Cyrus Peikari’s Security Warrior (O’Reilly) or Michael Howard and David LeBlanc’s Writing Secure Code, Second Edition (Microsoft Press), and then go get horrified by Kevin Mitnick and William Simon’s The Art of Intrusion (John Wiley & Sons). (Mitnick was himself a notorious hacker who got caught, reformed himself, and now makes vast sums of money talking and writing about what a bad boy he was.)

Security isn’t something you can take casually, nor is it something simple you can just breeze through as you’re designing, implementing, testing, and delivering your software. The tools in this chapter will help you throughout the development cycle as you create your software: you can use the Threat Analysis & Modeling Tool to understand the environment in which your software will run and the threats it will face, ensure that your encryption requirements are met with Bouncy Castle’s Cryptography APIs, and mitigate ...