How do you handle security for software applications?
- Heeth Jain
- Jul 18, 2024
Some months ago, I was having a conversation about this with a business owner looking to build their application.
Security in software is similar to security in the real world. No system is 100% foolproof, so our best bet is to make the system so difficult to hack that it will take a lot of time, energy and resources for someone to breach it.
Let us understand this with an analogy from real-world security:

A shop with multiple levels of security:
Level 0: Without doors
Level 1: With doors, but no locks
Level 2: With doors and also locks
Level 3: With multiple doors/layers, and multiple locks
Level 4: Multiple doors + locks + watch guard
Level 5: Multiple doors + locks + watch guard + CCTV and Alarms
I hope you get the point.
As we increase the security, it becomes increasingly difficult for someone to break into the shop.
Similarly in tech, with enough time, resources and brute force, any system can be hacked. Our goal must be to ensure that our systems take a very, very long time for someone to break.
This is the reason a lot of apps require passwords to contain lowercase letters, uppercase letters, numbers and special characters: it will then take a lot of time, energy and resources for an attacker to hack into the system.
Moreover, since it will take a lot of time, we will be alerted while the attackers are still in the process of breaking the systems, so we can take even more measures to secure them.
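To put numbers on the password criteria mentioned above, here is an added example (not code from the original post) that estimates the worst-case exhaustive search time for a password from its length and the character classes it uses. The guess rate, the function names and the sample passwords are assumptions constructed for illustration.

```python
import string

# Character classes named in the post; sizes come from Python's string module.
CLASSES = {
    "lowercase": string.ascii_lowercase,  # 26 characters
    "uppercase": string.ascii_uppercase,  # 26 characters
    "digits": string.digits,              # 10 characters
    "special": string.punctuation,        # 32 characters
}

# Assumed attacker speed in guesses per second (illustrative, not a measurement).
ASSUMED_GUESSES_PER_SECOND = 10**10


def classes_used(password):
    """Return the names of the character classes present in the password."""
    return [name for name, chars in CLASSES.items()
            if any(c in chars for c in password)]


def alphabet_size(password):
    """Size of the combined alphabet of every class the password draws from."""
    return sum(len(CLASSES[name]) for name in classes_used(password))


def worst_case_guesses(password):
    """Guesses needed to try every string of this length over that alphabet."""
    return alphabet_size(password) ** len(password)


def worst_case_seconds(password, rate=ASSUMED_GUESSES_PER_SECOND):
    """Worst-case exhaustive search time at the assumed guess rate."""
    return worst_case_guesses(password) / rate


def humanize(seconds):
    """Render a duration in the largest unit that fits."""
    for unit, size in (("years", 31_536_000), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.3f} seconds"


if __name__ == "__main__":
    # Constructed sample passwords, adding one character class at a time.
    for pw in ("sunshine", "Sunshine", "Sunsh1ne", "Sunsh1n!", "sunshinesunshine"):
        print(f"{pw!r:20} alphabet={alphabet_size(pw):2} "
              f"worst case={humanize(worst_case_seconds(pw))}")
```

Each added character class enlarges the search space, but the 16-character lowercase sample outlasts the 8-character sample that uses all four classes, so length matters at least as much as variety. These figures are an upper bound for exhaustive search only; a password built from a dictionary word or reused from another site is usually guessed far sooner.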
There is, of course, a lot more to security as well, and this was only an introduction. More to cover in the upcoming posts.