Summary
We discussed the importance of security in software architecture and how sensitive information is categorized. We then covered the CIA triad: the security principles of confidentiality, integrity, and availability.
We covered authentication, focusing on how TLS works and how it prevents attacks such as man-in-the-middle (MitM) eavesdropping. We then delved into how MFA works and its implications for software architecture.
Then we moved on to authorization and covered the four major access control methods (role-based, policy-based, attribute-based, and ACLs), and discussed how authorization has shaped software architecture.
We mentioned the basic practices for handling sensitive data, including data classification and protecting data in transit and at rest. We highlighted a few approaches Kotlin engineers can use to avoid accidentally logging sensitive data, and included a couple of strategies for anonymizing data.
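The two sensitive-data points above, keeping secrets out of logs and anonymizing data, can both be shown in a few lines of Kotlin. The following is an added example, not code from the chapter: it wraps secret fields in a value class whose toString() is redacted, so a data class that embeds it can be logged safely, and it pseudonymizes an identifier with a keyed hash (HMAC-SHA256) so equal inputs map to equal tokens without being reversible. The key string and the Secret/User names are assumptions made for illustration.

```kotlin
import javax.crypto.Mac
import javax.crypto.spec.SecretKeySpec

// Wrapper for sensitive values. Its toString() never returns the payload,
// so string templates, logging frameworks and data-class toString() that
// embed it print [REDACTED] instead of the secret.
@JvmInline
value class Secret(private val value: String) {
    // Explicit accessor: reading the secret is a deliberate act at the call site.
    fun reveal(): String = value
    override fun toString(): String = "[REDACTED]"
}

// Data class fields of type Secret are redacted by the generated toString().
data class User(val id: Long, val email: Secret, val password: Secret)

// Pseudonymization via HMAC-SHA256: the same input always yields the same
// token, but without the key it cannot be reversed or brute-forced from a
// dictionary of likely inputs (unlike a plain SHA-256 of an email address).
fun pseudonymize(value: String, key: ByteArray): String {
    val mac = Mac.getInstance("HmacSHA256")
    mac.init(SecretKeySpec(key, "HmacSHA256"))
    return mac.doFinal(value.toByteArray(Charsets.UTF_8))
        .joinToString("") { "%02x".format(it) }
}

fun main() {
    // Constructed sample record for the demonstration.
    val user = User(42, Secret("alice@example.com"), Secret("hunter2"))

    // Logs as: User(id=42, email=[REDACTED], password=[REDACTED])
    println("Created $user")

    // Hypothetical key; in a real system it would come from a secret store,
    // never from source code.
    val key = "hypothetical-pseudonymization-key".toByteArray(Charsets.UTF_8)
    println("Pseudonymous id: ${pseudonymize(user.email.reveal(), key)}")
}
```

The redaction only covers code paths that go through toString(). A reflection-based JSON serializer or a logging appender that serializes objects field by field will still emit the raw value, so those paths need their own annotations or filters, and the secret must be excluded from structured log payloads explicitly. The HMAC key is what separates pseudonymization from a plain hash: if it leaks, every token can be matched against a list of candidate inputs.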
...