ASDR TOC Principles

From OWASP
Revision as of 15:44, 6 May 2008 by Leocavallari

  • 1 Assume attackers have source code
  • 2 Avoid security by obscurity
  • 3 CLASP Security Principles
  • 4 Defense in depth
  • 5 Detect intrusions
  • 6 Don’t trust infrastructure
  • 7 Don’t trust services
  • 8 Establish secure defaults
  • 9 Fail securely
  • 10 Fix security issues correctly
  • 11 Keep security simple
  • 12 Least privilege
  • 13 Minimize attack surface area
  • 14 Positive security model
  • 15 Secure Coding Principles
  • 16 Separation of duties
  • 17 Use encapsulation