đ Free e-book: The 7 success factors of software testing. 25 years of project experience in one 33-page workbook, now also in English đ Get it for free
"If you start thinking about security in the last 10% of your project, you're going to get 10% security." - Eoin Woods
In this episode I talk with Eoin Woods about integrating security from the start of software development. Eoin, an expert in software architecture, explains why security often gets overlooked until the last minute. We explore why engineers find security daunting and discuss making it a standard part of development. Eoin shares design principles like defense in depth and cautions against custom security solutions.
Eoin Woods is an independent consultant in the fields of software architecture, green software and software engineering. He is formerly the CTO of Endava, where he was responsible for software engineering and capability development for over 10,000 delivery staff across the world. Prior to Endava he has developed databases, created security software and designed way too many systems to move money around. Outside his day job he is interested in software architecture, software security and sustainable (or "green") software. He is a regular conference speaker, has co-authored three books on software architecture and was the recipient of the 2018 Linda Northrup Award for Software Architecture, from the Software Engineering Institute at CMU
Highlights:
- Security addressed in the last ten percent of a project produces ten percent security, making early involvement the only reliable path to a secure system.
- Threat modeling is not a specialist-only exercise: any team can sit down, identify what is valuable in their system, and work out systematically who would want it and how they would attack.
- Building custom security mechanisms, including encryption or authentication flows, introduces vulnerabilities that even expert-produced security technology routinely contains and that most teams lack the resources to find.
- Failing to a secure state is a design obligation: when a component such as an audit trail or authentication service fails, the system must refuse to continue processing rather than default to an open position.
- Testers are a natural forcing function for security awareness because questioning what can go wrong is their core skill, and involving them early surfaces bypassed security controls before they reach production.
Fler avsnitt av Software Testing Unleashed - QA, DevEx & Quality Engineering
Visa alla avsnitt av Software Testing Unleashed - QA, DevEx & Quality EngineeringSoftware Testing Unleashed - QA, DevEx & Quality Engineering med Richard Seidl | Software Development & Testing Expert finns tillgÀnglig pÄ flera plattformar. Informationen pÄ denna sida kommer frÄn offentliga podd-flöden.
