Thanks for the great list of secure design patterns and principles, @shehackspurple.
But you've unfortunately played into a typical misconception: security is both functional and non-functional. You can hardly call a requirement for authentication and/or authorization non-functional, yes? These are most certainly functions that must be included, either by calling a service or building.
Remember: security is the cross-domain domain. Security gets built North to South, East to West, front to back at many different levels and in overlapping ways. There are few 1:1 relations between defenses and attacks. We build the features that stakeholders require, along with defense that will stop, slow down, or at least identify attack attempts.