Reflection

In this Secure Software Design & Development course, I learned that major design flaws have resulted in a vulnerability that is very serious. It allows a remote attacker to steal sensitive data on a vulnerable server, such as passwords or digital certificates. I learned about libtls, a new TLS library with a clean, obvious and simple API designed to make it easier to write foolproof applications. Its design philosophy is to:

1) Make it as easy to use as possible,

2) Safe and secure by default,

3) Consistent, obvious and well documented,

4) Support the use of pledge(2), chroot(2) and other sandbox environments:

      • Ensure access to files is deterministic (either at a certain point, or not at all)

      • Accept configuration via memory instead of files

General API design rules

  • Keep it as simple as possible

  • Do not be afraid to iterate

  • Only add features when there is code that actually uses them:

      • Ensure that the API is appropriate

      • Helps to manage feature bloat

This new approach minimizes mistakes and design flaws that lead to serious vulnerabilities that put end users at risk of account takeover, password leakage, etc.

©2018 by Ken Yee's University of San Diego Cyber Security Operations & Leadership Capstone Course Portfolio.