Difference between revisions of "ASDR TOC Principles"

From OWASP
(New page: 1 Assume attackers have source code 2 Avoid security by obscurity 3 CLASP Security Principles 4 Defense in depth 5 Detect intrusions 6 Don’t trust infrastructure 7 Don’t trust services...)
 
 
(14 intermediate revisions by 4 users not shown)
Line 1: Line 1:
1 Assume attackers have source code
+
{{template:CandidateForDeletion}}
2 Avoid security by obscurity
+
 
3 CLASP Security Principles
+
#REDIRECT [[::Category:Principle]]
4 Defense in depth
+
 
5 Detect intrusions
+
 
6 Don’t trust infrastructure
+
# [[Assume attackers have source code]]
7 Don’t trust services
+
# [[Avoid security by obscurity]]
8 Establish secure defaults
+
# [[Input Validation]]
9 Fail securely
+
# [[Defense in depth]]
10 Fix security issues correctly
+
# [[Detect intrusions]]
11 Keep security simple
+
# [[Don’t trust infrastructure]]
12 Least privilege
+
# [[Don’t trust services]]
13 Minimize attack surface area
+
# [[Establish secure defaults]]
14 Positive security model
+
# [[Fail securely]]
15 Secure Coding Principles
+
# [[Fix security issues correctly]]
16 Separation of duties
+
# [[Keep security simple]]
17 Use encapsulation
+
# [[Least privilege]]
 +
# [[Minimize attack surface area]]
 +
# [[Positive security model]]
 +
# [[Secure Coding Principles]]
 +
# [[Separation of duties]]
 +
# [[Use encapsulation]]
 +
# [[Don't trust user input]]
 +
# [[The Insecure-Bootstrapping Principle]]
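Review bot: the added `#REDIRECT [[::Category:Principle]]` line sits below `{{template:CandidateForDeletion}}` and above the numbered list, so it does not act as a redirect; the latest revision renders it as the literal text "#REDIRECT :Category:Principle" followed by the full list. The new revision should do one thing only. If the intent is to send readers to the category, make the redirect the sole content of the page and write the link with a single leading colon, `[[:Category:Principle]]`. If the list is meant to stay as the table of contents, drop the redirect line. In either case, keep the deletion template only if the page is still a deletion candidate.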

Latest revision as of 10:43, 11 April 2009


This page was marked to be reviewed for deletion.


#REDIRECT :Category:Principle


  1. Assume attackers have source code
  2. Avoid security by obscurity
  3. Input Validation
  4. Defense in depth
  5. Detect intrusions
  6. Don’t trust infrastructure
  7. Don’t trust services
  8. Establish secure defaults
  9. Fail securely
  10. Fix security issues correctly
  11. Keep security simple
  12. Least privilege
  13. Minimize attack surface area
  14. Positive security model
  15. Secure Coding Principles
  16. Separation of duties
  17. Use encapsulation
  18. Don't trust user input
  19. The Insecure-Bootstrapping Principle