This document discusses guidelines for software security governance and development. It covers topics such as strategy and metrics, security requirements, secure architecture, design and code reviews, security testing, vulnerability management, and operational enablement. It also provides examples of implementing account security, session management, and input/output handling securely. One section examines man-in-the-middle attacks and how construction and implementation can be designed to address such threats.
14. Man in the Middle Attack
Threat Assessment
Construction
Security Requirement
Implementation
Security Architecture
Account Security Mechanism
Session Management