This course covers a set of key security principles that students can use to improve the security of application architecture and design. The principles covered include applying defense to harden applications and make them more difficult for intruders to breach, reducing the amount of damage an attacker can accomplish, compartmentalizing to reduce the impact of exploits, using centralized input and data validation to protect applications from malicious input, and reducing the risk in error code paths.
Learning Objectives
On successful completion of this course, learners should have the knowledge and skills to apply security principles for creating secure application architecture, including:
- Simplicity
- Encapsulation
- Abstraction
- Modularization
- Layering
- Defense in Depth
- Principle of Least Privilege
- Compartmentalization
- Secure by Default
- Fail Secure
- Psychological Acceptability
- Economy of Mechanism
- Protect the Weakest Link
- Input Validation
- Auditing and Logging
Framework Connections
Specialty Areas
- Software Development
Feedback
If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.