About Software Security

In the cloud-enabled, highly networked world of modern computing, security is one of the most important facets of proper software engineering.

The most important thing to understand about security is that it is not a bullet point item. You cannot bolt it on at the end of the development process. You must consciously design security into your app or service from the very beginning, and make it a conscious part of the entire process from design through implementation, testing, and release.

../Art/security_overview_intro_art_2x.png

At a Glance

At the application layer, security means being aware of how your code uses information and ensuring that it does so safely and responsibly. For example, it is your responsibility to:

Threat Models Help You Identify Areas of Risk

In the planning phase, you must determine the nature of the threats to your software and architect your code in such a way that maximizes security. To do this, you should build up a threat model that shows ways in which your software might be attacked.

Secure Coding Techniques and OS Security Features Help You Mitigate Those Risks

At each phase of the development process, you must take steps to mitigate risks:

Tools Can Help You Catch Coding Errors

In the testing phase, you should take advantage of static analyzers and other tools designed to help you find security vulnerabilities.

Prerequisites

This document assumes that you have already read Mac Technology Overview, iOS Technology Overview, or both.