Security Design
Identify threats and design appropriate security controls for a feature.
Process
- •Identify assets to protect
- •Model potential threats
- •Define required controls
- •Specify data handling rules
- •Note compliance requirements
Output
Create security-requirements.md using the template in templates/security-requirements.md.
Tips
- •Consider OWASP Top 10 threats
- •Define what data is sensitive
- •Specify authentication/authorization needs
- •Document logging requirements (without sensitive data)
- •Consider rate limiting and abuse prevention