Evaluating Software Architectures for Security
by Jan Jürjens
In this workshop, you will gain up-to-date practical knowledge on the evaluation of software architectures for security properties, and how to improve an insecure architecture using protective measures and best practices such as derived from the “OWASP Top 10 Security Vulnerabilities” of the “Open Web Application Security Project (OWASP)”.
This will be done in particular by analyzing commonly used patterns for architectures for security and by considering principles for secure design.
We will also consider security and privacy aspects of architectures that make use of AI, at the hand of the OWASP AI Security and Privacy Guide and the current top 10 security issues of machine learning systems (OWASP Machine Learning Security Top 10).
There will be practical exercises in break-out groups using open source tools for security analysis of architectures and their implementations, which include SonarQube and the Threat Dragon Tool. You will take on the role of the attacker and attack the (deliberately insecurely developed) web application ‘Google Gruyere’.
This way, you will acquire conceptual and practical knowledge of IT security at the architectural level and in the context of software development.