14 A final word: Don’t forget about security!
This chapter covers
- Code security reviews
- Vulnerabilities in a large-scale tech stack
- Running security penetration tests from time to time
- Following security breaches and attack vectors
- Incident handling and the team’s role
By now, you’ve been with us throughout the course of a pretty long book. We’ve spent much time talking about how to not think about security, but still get security anyway. Surprising as it might seem, we’d like to close this book by talking about how important it is to think about security. We started this book by noting a few things:
- Developers find it difficult and distracting to explicitly think about security while coding.
- Developers like and find it natural to think about design while coding.
- Many security problems arise from bugs: misbehaving code that happens to open up security vulnerabilities.
- Good design reduces bugs; some designs prevent some kinds of bugs, while other designs prevent other bugs.