Difference between revisions of "ASDR TOC Principles"

From OWASP
 
(2 intermediate revisions by one user not shown)
Line 3: Line 3:
 
  #REDIRECT [[::Category:Principle]]
 
  #REDIRECT [[::Category:Principle]]
  
Back to [[ASDR_Table_of_Contents|TOC]]
 
  
 
# [[Assume attackers have source code]]
 
# [[Assume attackers have source code]]
 
# [[Avoid security by obscurity]]
 
# [[Avoid security by obscurity]]
# [[Input Validation]][[Category:FIXME|This is listed as a control when I click the article, but it's in the principle TOC. So, one of those two things is wrong, which is it?]]
+
# [[Input Validation]]
 
# [[Defense in depth]]
 
# [[Defense in depth]]
 
# [[Detect intrusions]]
 
# [[Detect intrusions]]
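Review bot: the FIXME category on the [[Input Validation]] entry is removed, but the question it carried (the article is listed as a control while this entry sits in the principle TOC) is not answered anywhere in the visible lines, and Input Validation stays in the principles list. Either move the entry to the controls TOC or recategorize the article as a principle, and record which one was chosen in the edit summary so the inconsistency does not resurface.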
Line 24: Line 23:
 
# [[Don't trust user input]]
 
# [[Don't trust user input]]
 
# [[The Insecure-Bootstrapping Principle]]
 
# [[The Insecure-Bootstrapping Principle]]
 
Back to [[ASDR_Table_of_Contents|TOC]]
 
 
[[Category:OWASP ASDR Project]]
 

Latest revision as of 10:43, 11 April 2009


This page was marked to be reviewed for deletion.


#REDIRECT :Category:Principle


  1. Assume attackers have source code
  2. Avoid security by obscurity
  3. Input Validation
  4. Defense in depth
  5. Detect intrusions
  6. Don’t trust infrastructure
  7. Don’t trust services
  8. Establish secure defaults
  9. Fail securely
  10. Fix security issues correctly
  11. Keep security simple
  12. Least privilege
  13. Minimize attack surface area
  14. Positive security model
  15. Secure Coding Principles
  16. Separation of duties
  17. Use encapsulation
  18. Don't trust user input
  19. The Insecure-Bootstrapping Principle