Many well-known security vulnerabilities in web and mobile applications could easily be avoided if they were accounted for in the design phase. All too often, changing the application at the architecture level late in the development phase is cumbersome and results in overly complicated, barely maintainable solutions.
In this Meetup, we'll have a look at 6 application security design patterns that, if considered early, will make your life easier in terms of securing your application. Here are some of the goals that can be achieved with the discussed patterns:
- Easier centralized session and access management
- Mitigation of CSRF without the hassle of anti-CSRF tokens
- Making the integration of a Content Security Policy a breeze
- Effective defense in depth against missing object-level access control
- Mitigating arbitrary entity field overwrites by design
- Mitigating excessive data exposure by design
- Mitigating DoS through systematic user lock-out
- Device and session lists
- Notifications upon a login from a new device
- And more!