Difference between revisions of "ASDR TOC Principles"

From OWASP
Line 1: Line 1:
 
Back to [[ASDR_Table_of_Contents|TOC]]
 
Back to [[ASDR_Table_of_Contents|TOC]]
  
* 1 [[Assume attackers have source code]]
+
# [[Assume attackers have source code]]
* 2 [[Avoid security by obscurity]]
+
# [[Avoid security by obscurity]]
* 3 [[Input Validation]][[Category:FIXME|This is listed as a control when I click the article, but it's in the principle TOC. So, one of those two things is wrong, which is it?]]
+
# [[Input Validation]][[Category:FIXME|This is listed as a control when I click the article, but it's in the principle TOC. So, one of those two things is wrong, which is it?]]
* 4 [[Defense in depth]]
+
# [[Defense in depth]]
* 5 [[Detect intrusions]]
+
# [[Detect intrusions]]
* 6 [[Don’t trust infrastructure]]
+
# [[Don’t trust infrastructure]]
* 7 [[Don’t trust services]]
+
# [[Don’t trust services]]
* 8 [[Establish secure defaults]]
+
# [[Establish secure defaults]]
* 9 [[Fail securely]]
+
# [[Fail securely]]
* 10 [[Fix security issues correctly]]
+
# [[Fix security issues correctly]]
* 11 [[Keep security simple]]
+
# [[Keep security simple]]
* 12 [[Least privilege]]
+
# [[Least privilege]]
* 13 [[Minimize attack surface area]]
+
# [[Minimize attack surface area]]
* 14 [[Positive security model]]
+
# [[Positive security model]]
* 15 [[Secure Coding Principles]]
+
# [[Secure Coding Principles]]
* 16 [[Separation of duties]]
+
# [[Separation of duties]]
* 17 [[Use encapsulation]]
+
# [[Use encapsulation]]
* 18 [[Don't trust user input]]
+
# [[Don't trust user input]]
* 19 [[Reduce Surface Area]]
+
# [[The Insecure-Bootstrapping Principle]]
* 20 [[The Insecure-Bootstrapping Principle]]
+
  
 
Back to [[ASDR_Table_of_Contents|TOC]]
 
Back to [[ASDR_Table_of_Contents|TOC]]
  
 
[[Category:OWASP ASDR Project]]
 
[[Category:OWASP ASDR Project]]
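Review bot: the new revision silently drops "Reduce Surface Area" (old item 19) while keeping "Minimize attack surface area" (item 13); if that is deliberate deduplication, say so in the edit summary so the TOC history stays traceable. Switching from hand-numbered `* 1 [[...]]` bullets to `# [[...]]` auto-numbering is an improvement, since item numbers no longer need manual maintenance when entries are added or removed, but the `[[Category:FIXME|...]]` question on `[[Input Validation]]` (is it a control or a principle?) is carried over unresolved and still sits inside the TOC line rather than on the article it concerns.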

Revision as of 16:25, 5 September 2008

Back to TOC

  1. Assume attackers have source code
  2. Avoid security by obscurity
  3. Input Validation
  4. Defense in depth
  5. Detect intrusions
  6. Don’t trust infrastructure
  7. Don’t trust services
  8. Establish secure defaults
  9. Fail securely
  10. Fix security issues correctly
  11. Keep security simple
  12. Least privilege
  13. Minimize attack surface area
  14. Positive security model
  15. Secure Coding Principles
  16. Separation of duties
  17. Use encapsulation
  18. Don't trust user input
  19. The Insecure-Bootstrapping Principle

Back to TOC