Software Architecture, Code, and Information Security

Information security is tightly linked to the code running on platforms and to decisions made during the software architecture planning phase. One can trace many penetration test results to workarounds caused by inadequate tools, bad design choices, trends in software development, legacy applications, and overly optimistic testing strategies. Let’s visit some of the accident sites by example.

Implementing the basic principles of information security can be hard. The dreaded undefined behaviour or the lack of graceful failures in error…