Designing secure code
nChoose techniques to mitigate the Threats (techniques != technologies)
nSpoofing identity
nAuthentication (i.e. X.509 certificates, IPSec, HTTP Basic Authentication, Digest Authentication, DCOM)
nProtect secrets
nDon’t store secrets
nTampering with data
nAuthorization (i.e. ACL, Privileges, IP adress restrictions)
nHashes
nMessage authentication codes
nDigital signatures
nTamper-resistant protocols (SSL/TLS, IPSec, DCOM, EFS)