In the previous part, you learned about the fundamentals of secure by design. The tools and mindset certainly allow you to craft secure software, but, for some reason, applying this in legacy code is something many find challenging. Where should you start? What should you look for, or which strategy should you use? This is exactly what we’ll address in this part.

The focus will therefore be a bit different than in previous parts. We won’t explain security problems in depth, but rather focus on how legacy code can be improved using what you’ve learned so far in this book. We’ll start by looking at common problems found in monolithic architectures and then progress to microservices, which pose their own unique set of security challenges. Then we’ll finish this part with some last words about why you still need to think about security, before we let you go on your journey towards a world of more secure software.