Security by Design

Introduction

(From Canvas)

You investigate which security risks are most common (for instance OWASP top 10) and you investigate which best practices are used to prevent security risks for all steps in your software development process. You use common techniques (for instance misuse cases, trust boundaries) in analysis and design of your architecture. You implement common techniques (for instance authentication and authorization) which prevent common security breaches. You also design for, and test steps to mitigate breaches when they still occur.

Learning focuses

In order to shape the upcoming curriculum, I’ve chosen various learning focuses for Security by Design. These are work in progress, and have to be developed out further.

Category

In the tables below the category tab depicts the nature of the skill concerning the listed task.
Additionally to the standard, I’ve expanded with a custom table with tasks I came up with.

  • T = Technical skills

  • N = Non-technical skills

  • R = Research & development skills

  • P = Professional skills

Learning tasks

Task#

Category

Requirement

Status

Description

#0

T

Must

Done

Ci/CD P.1 Static (Security) Code Analysis

`#1`__

T

Must

Wip

Ci/CD P.2 OWASP ZAP integration

#2

T

Must

Done

Reverse Proxy setup

#3

T

Must

Done

CloudFlare integration

#4

T

Must

Done

Web Application Firewall implementation

#5

T

Must

Done

Firebase OAth e2e

#6

T

Should

Done

JSON Web Token implementation (&Validation)