Category:Principle

From OWASP

Principles are important because they help us make security decisions in new situations. By considering each of these principles, we can derive security requirements, make architecture and implementation decisions, and identify possible weaknesses in systems.
  
The important thing to remember is that in order to be useful, principles must be evaluated, interpreted, and applied. You can't simply tell a software developer that their software must "[[fail safely]]" or that they should do "[[defense in depth]]". It won't mean anything.
  
==Some proven application security principles==
  
 
 
*Apply [[defense in depth]] (complete mediation)
*Use a [[positive security model]] (fail safe defaults)(minimize attack surface)
*[[Fail safely]]
*Run with [[least privilege]]
*[[Avoid security by obscurity]] (open design)
*[[Keep security simple]] (verifiable)(economy of mechanism)
*[[Detect intrusions]] (compromise recording)
*[[Don’t trust infrastructure]]
*[[Don’t trust services]]
*[[Establish secure defaults]] (psychological acceptability)(secure defaults)

==Applying security principles==

Consider the exercise of designing a simple web application that allows people to send email to a friend. By evaluating and interpreting each principle, we can arrive at many of the threats to this application and ultimately derive a set of protection requirements. We want to end up with a complete list of what is required to offer this service securely.

TBD: walk through this exercise

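As an added example (not part of the original OWASP page), the request handler below for the email-a-friend service applies several of the listed principles at once: a positive security model through allowlist validation of every field, fail safely by denying the request on any error, and compromise recording by logging each rejection with its source. The field names, patterns, and sample requests are assumptions constructed for illustration.

```python
import logging
import re
from typing import Callable

log = logging.getLogger("email_a_friend")

# Positive security model: describe what a valid request looks like and accept only that.
# The patterns are constructed, deliberately simple allowlists, not a full RFC 5322 parser.
ADDRESS_RE = re.compile(r"[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9.-]{1,253}\.[A-Za-z]{2,}")
SUBJECT_RE = re.compile(r"[A-Za-z0-9 .,!?'-]{1,120}")  # bounded length, no CR/LF
MAX_BODY = 2000

def validate(form: dict) -> list:
    """Return the reasons a request is unacceptable; an empty list means it passed."""
    problems = []
    for field in ("to", "from"):
        if not ADDRESS_RE.fullmatch(form.get(field, "")):
            problems.append(f"{field}: not a valid address")
    if not SUBJECT_RE.fullmatch(form.get("subject", "")):
        problems.append("subject: disallowed characters or length")
    body = form.get("body", "")
    if not 0 < len(body) <= MAX_BODY or any(ord(c) < 32 and c not in "\r\n\t" for c in body):
        problems.append("body: empty, too long or contains control characters")
    return problems

def handle_send(form: dict, send: Callable[[dict], None]) -> dict:
    """Validate first, deny on any failure, and record every denial."""
    try:
        problems = validate(form)
        if problems:
            # Detect intrusions (compromise recording): log what was rejected and from where.
            log.warning("rejected request from %s: %s", form.get("client_ip", "?"), problems)
            return {"sent": False, "reasons": problems}
        send({k: form[k] for k in ("to", "from", "subject", "body")})  # validated fields only
        return {"sent": True, "reasons": []}
    except Exception as exc:
        # Fail safely: an unexpected error never turns into a send or a partial success.
        log.error("request failed closed: %s", type(exc).__name__)
        return {"sent": False, "reasons": ["internal error"]}

def broken_sender(message: dict) -> None:
    """Constructed stand-in for a mail relay that is unavailable."""
    raise RuntimeError("relay unavailable")

# Constructed sample requests; the addresses are documentation-only values.
GOOD_REQUEST = {"client_ip": "192.0.2.10", "to": "friend@example.com", "from": "me@example.org",
                "subject": "Check this out", "body": "Hi, I thought you would like this page."}
BAD_REQUEST = {"client_ip": "192.0.2.11", "to": "friend@example.com\r\nextra-line",
               "from": "me@example.org", "subject": "Hello", "body": "x"}
```

Passing the real mail sender as `send` keeps the principles in one place: nothing reaches the relay unless validation passed, and a relay failure is reported as a denial rather than leaking an error to the user.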
Some of the security mechanisms help when you’re implementing these principles. This is just a rough pass that needs some more work. It can’t be done with just a bullet list; you really need more like a paragraph on each of these.

*Fail safely
**Error handling
**Good logic
*Run with least privilege
**Access control
*Avoid security by obscurity
**Secure configuration files
*Use a positive security model
**Input validation
**Output encoding
**Access control
*Apply defense in depth
**Boundary validation
*Keep security simple
**Centralized security mechanisms
*Detect intrusions (compromise recording)
**Input validation
**Authentication
**Logging
**Availability protection
*Don’t trust infrastructure
**SSL
**Encrypt sensitive data
**Prevent injection
*Don’t trust services
**SSL, authentication, access control, input validation, error handling, logging, output validation
*Establish secure defaults (psychological acceptability)(secure defaults)
**Notify users
**Secure “out of the box”

==References==

A. http://web.mit.edu/Saltzer/www/publications/protection/Basic.html (Saltzer and Schroeder)(see Section 3)

B. http://news.com.com/2008-1082-276319.html (McGraw)

C. [[OWASP Guide Project]]


Revision as of 05:20, 19 April 2006