Goal

The path to "セキュアなソフトウェアの設計と開発"

Here is the reading path leading up to this book, derived from its dependencies and ordered from the fundamentals.

The path so far (3 books)

OAuth徹底入門
Why read this first: OAuth 2.0 is fundamentally an authorization protocol, and misusing it for pseudo-authentication breeds vulnerabilities. Advancing to OIDC, which standardizes identity verification, clarifies how to build correct authentication, including ID token validation.
Sources
- How OpenID Connect Works - OpenID Foundation
OpenID Connect入門
Why read this first: Once you can implement authentication and authorization as a system, lift your perspective a level. Secure by Design goes beyond reactive input validation and escaping, offering a way to build structures where invalid data cannot enter at the design stage.
Sources
- OWASP Proactive Controls - OWASP Foundation
セキュア・バイ・デザイン
Why read this first: After grasping a robust, type-based design philosophy, advance to embedding it into the development process. STRIDE-based threat modeling systematically surfaces attack surfaces and trust boundaries, giving design reviews their backbone.
Sources
- Threat Modeling - OWASP Foundation