SC_02: Threat Analysis
Length of Class 1 day
Audience Architects, Requirements Analysts, Project Managers
Objective

This course aims to teach students how to effectively integrate security into application requirements and architectures by arming them with knowledge and tools.

Summary

This class teaches architects and requirements analysts the basics of application security concepts. Students learn how to interpret requirements from a security perspective and how architectural decisions affect application security using threat modeling.

Description

Effective application security begins at the beginning of the Software Development Life Cycle (SDLC). Traditionally, requirements analysts act as a bridge between the business and the development team. Requirements documents typically include a variety of functional and non-functional requirements, yet they rarely include specific security attributes. Imagine requirements documents that specifically call for protection of the integrity, confidentiality, and availability of an application's data during processing, storage, and transmission. Such documents would allow system architects to build effective security controls into their applications and make appropriate tradeoffs between security and other architectural drivers such as performance and ease of use.

Similarly, an application that integrates the appropriate security features into its architecture reduces the risk of vulnerabilities posed by tacking security on afterwards - a classic example is the number of problems with session management protocols built on top of stateless HTTP.

This course begins by educating students on information security fundamentals - namely the security triad of confidentiality, integrity, and availability. Building upon these fundamentals, the course describes the merits and challenges of an effective data classification program and how such a program is pivotal to the secure SDLC. Students learn the role that requirements analysts and architects play in building secure applications by examining case studies.

In order to better appreciate the nature of the threat, students learn about and try basic attacks on applications across a variety of attack vectors. This hands-on portion drives home the ease of attacks and the importance of good design in maintaining security.

The emphasis of the class is on the technique of threat analysis - an industry accepted method to identify and enumerate the risks an application will face before implementation. Students will learn to use freely available threat modeling tools to aid them in securing their applications.

Students and instructors walk through a case study and learn to construct an appropriate threat model. They also learn how the model can be used to drive requirements and architecture, and how secure development guidelines can be used to enhance the threat analysis.

Requisite Knowledge

Experience in requirements analysis and/or application architecture

Curriculum

Part 1: Secure SDLC
  • Security fundamentals: confidentiality, integrity, and availability
  • Data classification
  • Secure requirements
  • Secure architecture
Part 2: Attack Vectors
  • Authentication, authorization, and session management
  • Input validation
  • Cryptography, error handling, other concepts
Part 3: Threat Analysis
  • Basic concepts of threat analysis
  • Using threat analysis to assist secure requirements and architecture
  • Threat modeling tools