teach-ict.com: THE education site for computer science and ICT

2. Designing secure software

The first and most important stage in making network software resilient to attack is to design it with security in mind from the outset: it is quicker and safer to prevent a weakness at design time than to patch it after it has been exploited. There are several key areas to address when designing secure software:

  1. Data validation. Ensuring that only valid data is accepted from users, and that every check is carried out by the program itself rather than only by a form in the browser, which an attacker can bypass. This is a focus of test plans, which use valid, extreme, borderline and erroneous data to confirm that the program accepts what it should and rejects everything else.
  2. User authentication. Ensuring that only authorised people can access, use, or modify the system. Authentication can be as simple as a password (which the system should store only as a salted hash, never in plain text), or something more complicated such as two-factor authentication or biometric access control.
  3. Warnings. Programmers often include warnings that appear when a user attempts to use the software in a dangerous way. These can be prompts that stop the action altogether, or notifications of the steps needed to reduce the danger. Warnings can also be sent to the network manager rather than to the user, so that suspicious activity is recorded and noticed.
  4. Encryption. We have a section on the use of encryption for protecting data here.
  5. Identifying vulnerabilities. Particularly in the parts of the software that come into contact with the outside world (users, hardware, or other software), often called its attack surface. It is usually more effective to concentrate time and effort on securing these points of entry than to spread it evenly across the nuts and bolts of the program, because an attacker has to get through an entry point first.
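The data validation and test plan points above are easiest to see in working code. The following is an added example written for this page, not code from teach-ict.com: a hypothetical registration form with three fields (username, age, email), each checked against an allow-list of what is acceptable before the data goes any further. The test plan at the bottom uses constructed data in the four categories the text mentions (valid, borderline, extreme, erroneous) and reports any case where the program did not behave as expected.

```python
"""Design-time input validation for a hypothetical registration form.
Added example, not teach-ict's own code. Every field is checked against an
allow-list (what IS acceptable) and anything else is rejected before it
reaches the rest of the program."""
import re

# Allow-list patterns: describe the acceptable shape rather than trying to
# enumerate every bad input. fullmatch() means the whole string must match.
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{3,16}")
AGE_RE = re.compile(r"[0-9]{1,3}")          # plain ASCII digits only
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
MIN_AGE, MAX_AGE = 13, 120
MAX_EMAIL_LEN = 254


class ValidationError(ValueError):
    """Raised when a field fails validation; the message names the problem."""


def validate_username(value):
    if not isinstance(value, str) or not USERNAME_RE.fullmatch(value):
        raise ValidationError("username must be 3-16 letters, digits or underscores")
    return value


def validate_age(value):
    # Accept an int or a digit string; the regex rejects "12.5", "1e2",
    # " 30", "-5" and non-ASCII digits that int() would otherwise convert.
    if isinstance(value, int) and not isinstance(value, bool):
        value = str(value)
    if not isinstance(value, str) or not AGE_RE.fullmatch(value):
        raise ValidationError("age must be a whole number")
    age = int(value)
    if not MIN_AGE <= age <= MAX_AGE:
        raise ValidationError(f"age must be between {MIN_AGE} and {MAX_AGE}")
    return age


def validate_email(value):
    # Length check first so a huge string never reaches the regex.
    if not isinstance(value, str) or len(value) > MAX_EMAIL_LEN or not EMAIL_RE.fullmatch(value):
        raise ValidationError("email address is not in a recognised form")
    return value.lower()


def validate_registration(form):
    """Validate a dict of raw form fields. Returns the cleaned fields or
    raises ValidationError. Unknown fields are rejected as well, so extra
    parameters (e.g. an 'is_admin' flag) cannot be smuggled past the check."""
    allowed = {"username", "age", "email"}
    unexpected = set(form) - allowed
    if unexpected:
        raise ValidationError(f"unexpected field(s): {sorted(unexpected)}")
    missing = allowed - set(form)
    if missing:
        raise ValidationError(f"missing field(s): {sorted(missing)}")
    return {
        "username": validate_username(form["username"]),
        "age": validate_age(form["age"]),
        "email": validate_email(form["email"]),
    }


def is_valid(form):
    """True if the form passes validation, False otherwise."""
    try:
        validate_registration(form)
        return True
    except ValidationError:
        return False


# Constructed test plan (not real user data): (category, form, expected result).
TEST_PLAN = [
    ("valid",      {"username": "alice_01", "age": "30",  "email": "alice@example.com"}, True),
    ("borderline", {"username": "abc",      "age": "13",  "email": "a@b.io"},            True),
    ("borderline", {"username": "a" * 16,   "age": "120", "email": "x@example.org"},     True),
    ("extreme",    {"username": "ab",       "age": "12",  "email": "a@b.io"},            False),
    ("extreme",    {"username": "a" * 17,   "age": "121", "email": "x@example.org"},     False),
    ("erroneous",  {"username": "bob; DROP TABLE users;--", "age": "30", "email": "bob@example.com"}, False),
    ("erroneous",  {"username": "carol", "age": "-5", "email": "carol@example.com"}, False),
    ("erroneous",  {"username": "dave",  "age": "30", "email": "not-an-email"},      False),
    ("erroneous",  {"username": "erin",  "age": "30", "email": "erin@example.com", "is_admin": "1"}, False),
]


def run_test_plan(plan=TEST_PLAN):
    """Run every case; return the (category, form) pairs that did NOT behave as expected."""
    return [(cat, form) for cat, form, expected in plan if is_valid(form) != expected]


if __name__ == "__main__":
    failures = run_test_plan()
    print("all test cases behaved as expected" if not failures else failures)
```

Note the two design choices that matter most: the checks live in the program, so they cannot be skipped by editing the web form, and they are written as allow-lists (what a field may contain) rather than block-lists (known bad strings), so inputs the programmer never thought of are rejected by default.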
