The name says it all. Secure by design in software engineering means that software has been designed thoroughly to be secure. This can be achieved by identifying the categories, vulnerable areas and the facts to analyze. As we learned in Chapter 5, Building Attack Paths – Threat Modeling an Application, this can reduce the number of vulnerabilities. A basic design principle depends on several factors; you might want to consider the following list during the design phase:
Entry points: Determining all the entry points to the app in this stage can significantly identify areas that are potentially the attack surface to infect the app. This information helps us define what type of data needs to be entering the app by building APT protection mechanisms to tighten the security and also build attack trees and attack paths for all the entry points.
Device local storage: Storage of any data on the client side is always risky. If the app has the functionality of operating offline...