Establish secure defaults

From OWASP


This is a principle or a set of principles. To view all principles, please see the Principle Category page.



Overview

There are many ways to deliver an “out of the box” experience for users. However, by default, the experience should be secure, and it should be up to the user to reduce their security – if they are allowed.

For example, by default, password aging and complexity should be enabled. Users might be allowed to turn these two features off to simplify their use of the application, at the cost of increased risk.
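The password example above can be sketched as a settings resolver. This is an added illustration, not code from OWASP: the names `PasswordPolicy`, `resolve_policy` and `allow_user_opt_out` are hypothetical, and the override dictionary stands in for whatever settings store an application uses.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class PasswordPolicy:
    # Secure defaults: both protections are on unless explicitly turned off.
    aging_enabled: bool = True
    complexity_enabled: bool = True


SECURITY_FIELDS = ("aging_enabled", "complexity_enabled")


def resolve_policy(user_overrides, allow_user_opt_out):
    """Apply user overrides on top of the secure defaults.

    Returns (policy, weakened, rejected):
      weakened - protections the user was allowed to turn off
      rejected - overrides that were ignored, leaving the default in place
    """
    policy = PasswordPolicy()
    weakened, rejected = [], []
    for name, value in user_overrides.items():
        if name not in SECURITY_FIELDS:
            rejected.append(name)      # unknown keys never change security state
        elif value is True:
            continue                   # same as the default, nothing to do
        elif value is False and allow_user_opt_out:
            policy = replace(policy, **{name: False})
            weakened.append(name)      # record the downgrade so it can be audited
        else:
            rejected.append(name)      # opt-out not permitted, or malformed value
    return policy, sorted(weakened), sorted(rejected)


if __name__ == "__main__":
    # Constructed sample inputs.
    print(resolve_policy({}, allow_user_opt_out=True))
    print(resolve_policy({"aging_enabled": False}, allow_user_opt_out=True))
    print(resolve_policy({"aging_enabled": False, "complexity_enabled": "off"},
                         allow_user_opt_out=False))
```

A missing, unknown or malformed setting always resolves to the protected state; only an explicit `False` from a user who is allowed to opt out weakens the policy, and that downgrade is reported back to the caller.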
