Security Design and Architecture
For an application to be secure, it must be designed with security as a primary consideration. Identifying and designing for potential security risks in a large application is a complex task. GDS engineers have performed countless application design and architecture reviews and enjoy providing guidance based on experience.
It is important to perform a review of an application's design and architecture at regularly defined intervals. Such a review might be triggered by the addition of new features, the discovery of new threats, or the design stage of a new version of the application. The majority of the baseline information necessary for performing these activities originates from artifacts collected or created during the previous Threat Modeling phases.
The Security Design and Architecture process is performed in the following phases:
- Information Verification
- Application Security Requirements Analysis
- Deployment & Network Infrastructure Analysis
- Application Component Analysis
- Reporting and Communication
Each phase has a clearly defined series of activities, required inputs and deliverables. All deliverables are template-based and are used to document the process and track progress. All artifacts, including any review report itself, are stored in a central repository for each application. The Security Design and Architecture review activity and results will continue to evolve as new information becomes available and as decisions are made during the application design and development phases. The findings will also provide input and test cases for future application design, and influence future coding and testing functions.