Difference between revisions of "ASDR TOC Principles"

From OWASP
(New page: 1 Assume attackers have source code 2 Avoid security by obscurity 3 CLASP Security Principles 4 Defense in depth 5 Detect intrusions 6 Don’t trust infrastructure 7 Don’t trust services...)
 
Line 1: Line 1:
1 Assume attackers have source code
+
* 1 Assume attackers have source code
2 Avoid security by obscurity
+
* 2 Avoid security by obscurity
3 CLASP Security Principles
+
* 3 CLASP Security Principles
4 Defense in depth
+
* 4 Defense in depth
5 Detect intrusions
+
* 5 Detect intrusions
6 Don’t trust infrastructure
+
* 6 Don’t trust infrastructure
7 Don’t trust services
+
* 7 Don’t trust services
8 Establish secure defaults
+
* 8 Establish secure defaults
9 Fail securely
+
* 9 Fail securely
10 Fix security issues correctly
+
* 10 Fix security issues correctly
11 Keep security simple
+
* 11 Keep security simple
12 Least privilege
+
* 12 Least privilege
13 Minimize attack surface area
+
* 13 Minimize attack surface area
14 Positive security model
+
* 14 Positive security model
15 Secure Coding Principles
+
* 15 Secure Coding Principles
16 Separation of duties
+
* 16 Separation of duties
17 Use encapsulation
+
* 17 Use encapsulation
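Review bot: Every added line keeps its hand-typed number after the `*` bullet marker (for example "* 1 Assume attackers have source code"), so each entry renders as a bullet followed by a literal number. Consider the wiki's ordered-list marker `#` and dropping the typed numbers, so that adding or removing a principle later does not mean renumbering every line after it.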

Revision as of 15:44, 6 May 2008

  • 1 Assume attackers have source code
  • 2 Avoid security by obscurity
  • 3 CLASP Security Principles
  • 4 Defense in depth
  • 5 Detect intrusions
  • 6 Don’t trust infrastructure
  • 7 Don’t trust services
  • 8 Establish secure defaults
  • 9 Fail securely
  • 10 Fix security issues correctly
  • 11 Keep security simple
  • 12 Least privilege
  • 13 Minimize attack surface area
  • 14 Positive security model
  • 15 Secure Coding Principles
  • 16 Separation of duties
  • 17 Use encapsulation