Designer

Role Description
The primary responsibility of the designer is to keep security risks out of the application, whenever possible. This responsibility has many facets: For example, the designer should explicitly document the “attack surface” of an application — which is roughly equal to the entry points to an application that may be visible to an attacker. This data can be used in a metric roughly akin to traditional software complexity metrics; it is also an excellent starting point for those who are looking to determine whether there are exploitable risks in software. Designers have the most security-relevant work of all the traditional development roles: Thus, designers should maintain a high level of security awareness; we recommend reading CLASP Resources A, B, C and D thoroughly.
 * First, he must figure out what technologies will satisfy security requirements and research them well enough to determine how to use those technologies properly.
 * Second, if a security flaw is found in the application, it is usually up to the designer to assess the consequences and determine how to best address the problem.
 * Finally, the designer needs to help support measuring the quality of application security efforts. Generally, this involves providing data that can be used as metrics or as a foundation for an application security review.
 * They should push back on requirements that may have unrecognized security risks.
 * They need to give implementers a roadmap in order to minimize the risk of errors requiring an expensive fix.
 * They also need to understand the security risks of integrating third-party software.
 * In addition, they are generally the point person for responding to security risks identified in the software.