Hackers are everywhere. Thus, security and authentication are essential pieces of software architecture. There are so many common features of application security available it may seem like no real thought is needed. You can just grab the essential features "off the shelf." Nevertheless, there is much to nail down in architecting the best solution for your specific application.
Start With Security And AuthenticationThere are applications that are created with security and authentication left as a finishing touch. This approach is often taken to simplify testing and validation during the implementation phase. However, these are features that should be built into every piece of the application. When you fail to do so, it is too easy to miss details and leaves holes that can be exploited.
Thorough TestingOne of the best arguments for security from the start is the value of testing. When you force all of your tests to be run in a secure environment it makes them more valid. You are far more likely to find situations that only occur in a secure application. Be they bugs, gaps, or restrictive permissions. These are not only important for a secure system, but they can also be difficult bugs to find in the wild. More to the point, your QA scripts should include a validation of every secured item in the system. When they do not, testing is not complete.
Security ThroughoutA secure system is much more complicated than an open one. There are decisions to make in almost every area that impact security. When you put them off, they may need to be altered. For example, we may have data that is only accessible by a specific user (or users). We need to make sure that every possible option for accessing that data is secured. This includes an authorization requirement on every tier and for every access point. Failing to incorporate security into the system from the start can lead to costly (and risky) changes far down the SDLC process. The effort is worth it.
