Revision as of 06:20, 19 April 2006 by Jeff Williams (Talk | contribs)

Jump to: navigation, search

Principles are important because they help us make security decisions in new situations. By considering each of these principles, we can derive security requirements, make architecture and implementation decisions, and identify possible weaknesses in systems.

The important thing to remember is that in order to be useful, principles must be evaluated, interpreted, and applied. You can't simply tell a software developer that their software must "fail safely" or that they should do "defense in depth". It won't mean anything.

Some proven application security principles

Applying security principles

Consider the exercise of designing a simple web application that allows people to send email to a friend. By evaluating and interpreting each principle, we can arrive at many of the threats to this application and ultimately derive a set of protection requirements. We want to end up with a complete list of what is required to offer this service securely.

TBD: walk through this exercise


A. (Saltzer and Schroeder)(see Section 3)


C. OWASP Guide Project