
Module 39: Secure SDLC: Business Requirements and Design

CCSP Domain 4 — Cloud Application Security, Section A (Module 39 of 70)
The CCSP exam expects you to integrate security from the earliest SDLC phases — requirements and design — not bolt it on during testing.

Security Requirements Gathering

Security requirements must be defined alongside functional requirements. The exam tests whether you understand that security is a non-functional requirement that shapes architecture decisions:

  • Confidentiality requirements — what data classification levels will the application handle?
  • Integrity requirements — what data must be protected from unauthorized modification?
  • Availability requirements — what uptime does the business require?
  • Compliance requirements — what regulations apply (GDPR, HIPAA, PCI DSS)?
  • Privacy requirements — what personal data is processed and how?

Exam trap: If security requirements are not defined until the testing phase, the cost of remediation rises steeply, because a requirements gap found in testing means reworking the design and all of the code built on it. The exam rewards candidates who understand that security starts at requirements, not at code review.


Threat Modeling in Design

Threat modeling is the structured process of identifying threats during the design phase. The exam expects you to know:

  • STRIDE — Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege (a checklist of threat categories to apply to each element of the design)
  • DREAD — Damage, Reproducibility, Exploitability, Affected Users, Discoverability (each factor is scored and the scores combined into a risk rating used to prioritize threats)
  • Attack trees — hierarchical diagrams showing how an asset can be attacked, with the goal at the root and the attack steps as branches
  • Data flow diagrams — map the flows between external entities, processes and data stores and mark the trust boundaries those flows cross; every boundary crossing is a point where a security control is needed

If the exam asks WHEN threat modeling should occur, the answer is during the design phase — before any code is written. Threat modeling during testing is too late and too expensive.
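The following is an added example, not part of the CCSP module, showing how the three tools above fit together: candidate threats are enumerated by applying STRIDE to each element of a data flow diagram, flows that cross a trust boundary are flagged, and the candidates are ranked by DREAD. It assumes the Microsoft SDL convention for which STRIDE categories apply to which DFD element type (external entities: S and R; processes: all six; data stores and data flows: T, I and D) and that DREAD is scored 1 to 10 per factor and averaged; the order-service DFD and the DREAD scores are constructed sample data.

```python
"""Added example, not from the CCSP module: enumerate STRIDE threats from a
data flow diagram (DFD) and rank them with DREAD.

Assumptions: element-to-STRIDE mapping follows the Microsoft SDL convention;
the DFD and DREAD scores below are constructed sample data for a hypothetical
order service, not a real system."""
from dataclasses import dataclass

# STRIDE letters that apply to each DFD element type (Microsoft SDL convention).
STRIDE_BY_ELEMENT = {
    "external_entity": "SR",
    "process": "STRIDE",
    "data_store": "TID",   # add R when the store is an audit log
    "data_flow": "TID",
}
STRIDE_NAMES = {
    "S": "Spoofing", "T": "Tampering", "R": "Repudiation",
    "I": "Information Disclosure", "D": "Denial of Service",
    "E": "Elevation of Privilege",
}


@dataclass(frozen=True)
class Element:
    name: str
    kind: str                              # key of STRIDE_BY_ELEMENT
    crosses_trust_boundary: bool = False   # meaningful for data flows


def stride_threats(elements):
    """One (element, STRIDE letter) candidate threat per applicable category."""
    return [(e, letter) for e in elements for letter in STRIDE_BY_ELEMENT[e.kind]]


def dread_score(damage, reproducibility, exploitability, affected_users, discoverability):
    """DREAD rating: each factor 1..10, the rating is their mean (also 1..10)."""
    factors = (damage, reproducibility, exploitability, affected_users, discoverability)
    if not all(1 <= f <= 10 for f in factors):
        raise ValueError("each DREAD factor must be in 1..10")
    return sum(factors) / len(factors)


def rank_threats(elements, ratings):
    """Rank every candidate threat by DREAD rating, highest first.

    ratings maps (element name, STRIDE letter) -> DREAD rating. Candidates not
    yet rated get 0.0 so they still appear and are visibly unscored; threats on
    a boundary-crossing flow are flagged because a control must exist there."""
    ranked = []
    for element, letter in stride_threats(elements):
        ranked.append({
            "element": element.name,
            "threat": STRIDE_NAMES[letter],
            "rating": ratings.get((element.name, letter), 0.0),
            "on_trust_boundary": element.crosses_trust_boundary,
        })
    return sorted(ranked, key=lambda t: t["rating"], reverse=True)


# Constructed DFD: browser -> API gateway over the internet -> order service -> DB.
DFD = [
    Element("Customer browser", "external_entity"),
    Element("Internet -> API gateway (HTTPS)", "data_flow", crosses_trust_boundary=True),
    Element("Order service", "process"),
    Element("Orders DB", "data_store"),
]

# Constructed DREAD ratings for a few candidates; the rest are left unscored.
RATINGS = {
    ("Internet -> API gateway (HTTPS)", "T"): dread_score(7, 9, 6, 9, 8),   # 7.8
    ("Order service", "E"): dread_score(9, 5, 4, 10, 3),                     # 6.2
    ("Orders DB", "I"): dread_score(10, 6, 5, 10, 4),                        # 7.0
}

if __name__ == "__main__":
    for t in rank_threats(DFD, RATINGS):
        flag = " [trust boundary]" if t["on_trust_boundary"] else ""
        print(f'{t["rating"]:4.1f}  {t["element"]}: {t["threat"]}{flag}')
```

Running the block lists 14 candidate threats; the tampering threat on the internet-facing flow ranks first and is flagged as a trust-boundary crossing, which is exactly where a control such as TLS plus request authentication belongs in the design.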

Secure Architecture Patterns

Cloud applications should follow security-by-design patterns:

  • Zero trust architecture — never trust, always verify at every layer
  • Least privilege — every component gets minimum required permissions
  • Defense in depth — multiple overlapping controls at different layers
  • Fail-secure — when a control fails, default to a secure state (deny access)
  • Separation of duties — no single person or component can complete a sensitive operation alone (for example, the identity that requests a change is not the one that approves it)

The exam tests whether you can identify which pattern is violated in a given scenario and recommend the correct architectural correction.
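The fail-secure pattern is the one most often violated by accident, because the insecure version looks like a reasonable availability decision. The following is an added example, not from the CCSP module, showing the same authorization check written fail-open and fail-secure. It assumes a hypothetical external policy service, represented by a `fetch_roles` callback that can raise `PolicyServiceError`, and a constructed role-to-action allow-list; nothing not in the allow-list is permitted, so the check is default deny as well.

```python
"""Added example, not from the CCSP module: the same authorization check
written fail-open and fail-secure.

Assumptions: `fetch_roles` stands in for a hypothetical call to an external
policy/identity service that can fail; the role-to-action table is
constructed sample data."""
import logging

log = logging.getLogger("authz")

# Constructed allow-list: which roles may perform which actions.
# Anything not listed is denied (default deny).
ALLOWED = {
    "viewer": {"order:read"},
    "clerk": {"order:read", "order:create"},
    "admin": {"order:read", "order:create", "order:delete"},
}


class PolicyServiceError(RuntimeError):
    """Raised by the (simulated) policy service when it cannot answer."""


def _allowed(roles, action):
    return any(action in ALLOWED.get(role, ()) for role in roles)


def authorize_fail_open(user, action, fetch_roles):
    """Anti-pattern: an outage of the policy service grants every action."""
    try:
        roles = fetch_roles(user)
    except PolicyServiceError:
        return True        # "keep the app working" -> everything is allowed
    return _allowed(roles, action)


def authorize_fail_secure(user, action, fetch_roles):
    """Fail-secure: if the decision cannot be made, the answer is deny, and
    the failure is logged so the availability problem is visible instead of
    being silently converted into an authorization bypass."""
    try:
        roles = fetch_roles(user)
    except PolicyServiceError as exc:
        log.error("authz for %s/%s failed closed: %s", user, action, exc)
        return False
    return _allowed(roles, action)


# Two simulated policy services: one healthy, one down.
HEALTHY = {"alice": ["viewer"], "bob": ["admin"]}


def healthy_roles(user):
    return HEALTHY.get(user, [])


def broken_roles(user):
    raise PolicyServiceError("policy service timed out")


if __name__ == "__main__":
    for check in (authorize_fail_open, authorize_fail_secure):
        print(check.__name__,
              "healthy:", check("alice", "order:delete", healthy_roles),
              "outage:", check("alice", "order:delete", broken_roles))
```

With a healthy policy service both functions give the same answer; during an outage the fail-open version lets a viewer delete orders, which is the scenario the exam describes as a fail-secure violation.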


Cloud-Specific Design Considerations

Cloud architecture introduces design decisions that affect security:

  • Stateless application design enables horizontal scaling but requires external session management (a signed token or a shared session store) so that any instance can serve any request
  • API gateway patterns centralize authentication and rate limiting at a single enforcement point in front of the services
  • Event-driven architectures need input validation at every trigger point, because each event consumer is an entry point in its own right, not just the front-end API
  • Multi-tenant SaaS applications must enforce tenant isolation in application logic, since tenants share the same code, runtime and data store

The exam may present a scenario where tenant data leaks because the application does not properly enforce data segregation. Shared infrastructure cannot tell one tenant's records from another's, so the fix is at the application design level, not the infrastructure level: the tenant scope must be derived from the authenticated identity and applied to every data access.
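The following is an added example, not from the CCSP module, showing the tenant-leak scenario in code: two lookups that leak across tenants, one because it never filters by tenant and one because it trusts a tenant id supplied by the client, beside the fixed version that takes the tenant from the authenticated session. It assumes one shared table with a `tenant_id` column (a common SaaS layout); the schema, rows and the `Session` object are constructed for the example.

```python
"""Added example, not from the CCSP module: a multi-tenant order lookup that
leaks across tenants, beside the fixed version.

Assumptions: a single shared table with a tenant_id column; the schema, the
rows and the Session object that represents an authenticated caller are
constructed for this example."""
import sqlite3
from dataclasses import dataclass


@dataclass(frozen=True)
class Session:
    user: str
    tenant_id: str   # set by the identity provider at login, never by the client


def make_db():
    """Constructed sample data: two tenants sharing one table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, tenant_id TEXT, item TEXT)")
    conn.executemany("INSERT INTO orders VALUES (?, ?, ?)", [
        (1, "acme", "widgets"),
        (2, "acme", "gears"),
        (3, "globex", "sprockets"),
    ])
    return conn


def get_order_no_tenant_filter(conn, order_id):
    """Leak 1: lookup by primary key only. Any authenticated user of any
    tenant can read any order by iterating sequential ids."""
    return conn.execute(
        "SELECT id, tenant_id, item FROM orders WHERE id = ?",
        (order_id,)).fetchone()


def get_order_client_supplied_tenant(conn, order_id, tenant_id_from_request):
    """Leak 2: filters by tenant, but the tenant id comes from the request
    (query string, header or body), so the client can simply name another."""
    return conn.execute(
        "SELECT id, tenant_id, item FROM orders WHERE id = ? AND tenant_id = ?",
        (order_id, tenant_id_from_request)).fetchone()


def get_order_secure(conn, session, order_id):
    """Fixed: the tenant scope comes from the authenticated session and is
    applied to the query, so another tenant's order is indistinguishable
    from an order that does not exist."""
    return conn.execute(
        "SELECT id, tenant_id, item FROM orders WHERE id = ? AND tenant_id = ?",
        (order_id, session.tenant_id)).fetchone()


if __name__ == "__main__":
    db = make_db()
    acme_user = Session("alice", "acme")
    print("no filter:      ", get_order_no_tenant_filter(db, 3))
    print("client tenant:  ", get_order_client_supplied_tenant(db, 3, "globex"))
    print("session tenant: ", get_order_secure(db, acme_user, 3))
```

The same discipline applies to inserts and updates and to every other query path (reports, exports, background jobs): the tenant condition must be impossible to omit, which in practice means putting it in one data access layer rather than repeating it in each handler.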

