Software Architecture Security - Coggle Diagram
Software Architecture Security
Threat modeling
Identify system assets
Identify potential threats
Evaluate likelihood and impact of threats
Determine appropriate security controls
Implement and test controls
Security controls
Authentication and authorization
Something you know (e.g. password)
Something you have (e.g. security key)
Something you are (e.g. biometric)
Multi-factor authentication (MFA)
Encryption
Data in transit (e.g. SSL/TLS)
Data at rest (e.g. disk encryption)
Firewall
Monitor and control incoming/outgoing network traffic
Block unauthorized access or allow access to specific resources
Intrusion detection and prevention
Monitor for signs of malicious activity
Take action to prevent or mitigate threats
Access control
Restrict access to specific resources or actions based on user identity and permissions
Patch management
Keep software and systems up to date with the latest security patches and updates
Defense in depth
Multiple layers of security controls
Reduces risk of successful attack if one layer is breached
Secure communication
Encrypt data in transit
Use secure communication protocols (e.g. HTTPS, SSH)
Verify identity of communicating parties
Code security
Secure coding practices
Input validation and sanitization
Use of secure libraries and frameworks
Encryption
Sensitive data (e.g. passwords, sensitive user information)
Secure communication protocols
HTTPS for web communication
SSH for remote access
Regularly update and patch code
Fix known vulnerabilities
Use static analysis tools
Identify potential vulnerabilities and security issues in code
Network security
Firewalls
Monitor and control incoming/outgoing network traffic
Block unauthorized access or allow access to specific resources
Intrusion detection and prevention systems
Monitor for signs of malicious activity
Take action to prevent or mitigate threats
Encryption
Protect sensitive data in transit
Secure communication protocols
HTTPS for web communication
SSH for remote access
Regularly update and patch systems
Fix known vulnerabilities
Security in the software development life cycle (SDLC)
Identify and prioritize security requirements
Types of data that will be stored or transmitted
Types of threats the software may face
Perform threat modeling
Identify and analyze potential threats
Determine how to mitigate or eliminate threats
Incorporate security controls into the design
Select and incorporate appropriate security controls
Implement security controls
Test security controls
Ensure that they are effective and the software is secure
Monitor and maintain security
Regularly update and maintain security controls
Monitor for security issues
Security terminology
Threat
Potential source of harm or danger to a system or its users
Vulnerability
Weakness in a system that could be exploited by a threat
Risk
Likelihood that a threat will exploit a vulnerability to cause harm to a system or its users
Security controls
Measures put in place to protect a system from threats and vulnerabilities
Access control
Measures that restrict access to specific resources or actions based on user identity and permissions
Encryption
Process of encoding data so that it can only be accessed by authorized users
Firewall
Security control that monitors and controls incoming and outgoing network traffic based on predetermined security rules
Intrusion detection
Process of monitoring a system for signs of unauthorized activity or attempts to compromise the system
Patch management
Process of ensuring that software and systems are kept up to date with the latest security patches and updates