1.2 KiB
1.2 KiB
Lab 2: Secure Software Design
Security Requirements
Security Pattern Catalog.
Security Requirement Analysis
| Task | Title | Pattern idea | Tactics |
|---|---|---|---|
| A | Enforce Password Policy, Single sign-on, Strong Authentication, Smart Cards | Credential Tokenizer, Single Sign-on, (Single Access Point) | Authenticate Users, Limit Exposure |
| B | User data disclosure and write protection | Encrypted Storage | |
| C | Isolation of critical and non-critical domains | Server Sandbox, (DMZ) | |
| D | Do not require login on every transaction | Session, Load Balancing (-> JWT) | |
| E | Bank Clerk Operation Tracking | Secure Logger | |
| F | Bank Account Information Privacy, Transaction Authorization | MFA, Fraud Detection | |
| G | Mobile Device Communication Security | PKI, Public-Private Key Encryption -> Secure Pipe |
Security Tactics
Possible exam question: Name the differences between patterns and tactics and name a few of each category.
aka. goals
Security Patterns
e. g. SSO, MFA, OTP