LOGBOOK

HELP

Quiz Entry - updated: 2026.07.05

What security activities occur during the Design phase of SDL?

This is where you design the system to resist attack on purpose — settle the secure architecture, shrink the attack surface, and threat-model the whole thing before code is written.

Design turns the security requirements into security architecture. Its core achievement is making the system hard to attack by construction, rather than patching weaknesses later. Key moves:

  • Choose protective design techniqueslayering (defence in depth, so one breach isn't game over), managed code (a runtime like .NET/Java that prevents whole classes of memory bugs), least privilege (every component runs with the minimum rights it needs), and attack-surface minimization.
  • Document and shrink the attack surface — the attack surface is the sum of all the points an attacker can poke at (open ports, inputs, APIs, enabled features). You limit it through safe default settings (ship with risky features off).
  • Set product-specific ship criteria — extra security bars for this product's known hot-spots, e.g. mandatory cross-site-scripting (XSS) tests, or deprecating weak cryptography.
  • Threat modeling — the centrepiece: a systematic, structured walk through the features and architecture from an attacker's point of view to enumerate threats and decide on mitigations now, on the design, where they're cheap to add.

Why design is the key phase: a flaw baked into the architecture (e.g. a trust boundary in the wrong place) often can't be fixed later without a rewrite — so this is the highest-leverage point for security.

Go deeper:

From Quiz: SPRG / SDL and Threat Modeling | Updated: Jul 05, 2026