Don’t trust services

Revision as of 07:13, 26 May 2009 by Deleted user


This is a principle or a set of principles. To view all principles, please see the Principle Category page.


Last revision (mm/dd/yy): 05/26/2009


Services can refer to any external system.

Many organizations use the processing capabilities of third-party partners, whose security policies and postures likely differ from their own. It is unlikely that you can influence or control any external third party, whether they are home users or major suppliers or partners.

Therefore, implicit trust of externally run systems is not warranted. All external systems should be treated in a similar fashion.

For example, a loyalty program provider supplies data that is used by Internet Banking: the number of reward points and a small list of potential redemption items. This data should be checked to ensure that it is safe to display to end users, and that the reward points are a positive number and not improbably large.
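The checks described above can be written as a validation step that runs before Internet Banking uses the provider's data. This is an added example, not OWASP's own code; the JSON field names (`points`, `items`), the numeric limits, and the decision to accept a zero balance are assumptions.

```python
import html
import json

MAX_BODY_BYTES = 16_384   # assumed cap on response size
MAX_POINTS = 10_000_000   # assumed threshold for "improbably large"
MAX_ITEMS = 20            # assumed size of the "small list"
MAX_NAME_LEN = 80         # assumed display limit per item name


class UntrustedDataError(ValueError):
    """Raised when the partner response fails validation."""


def parse_loyalty_response(body: bytes) -> dict:
    """Validate a loyalty-provider response before it is used or displayed."""
    if len(body) > MAX_BODY_BYTES:
        raise UntrustedDataError("response too large")
    try:
        data = json.loads(body.decode("utf-8"))
    except (UnicodeDecodeError, ValueError, RecursionError) as exc:
        raise UntrustedDataError("not valid UTF-8 JSON") from exc
    if not isinstance(data, dict):
        raise UntrustedDataError("expected a JSON object")

    points = data.get("points")
    # bool is a subclass of int in Python, so exclude it explicitly.
    if not isinstance(points, int) or isinstance(points, bool):
        raise UntrustedDataError("points must be an integer")
    # Zero is accepted here as a valid balance (an assumption).
    if not 0 <= points <= MAX_POINTS:
        raise UntrustedDataError("points out of range")

    items = data.get("items")
    if not isinstance(items, list) or len(items) > MAX_ITEMS:
        raise UntrustedDataError("items must be a short list")
    safe_items = []
    for name in items:
        if not isinstance(name, str) or not 0 < len(name) <= MAX_NAME_LEN:
            raise UntrustedDataError("bad item name")
        if not name.isprintable():
            raise UntrustedDataError("control characters in item name")
        # Escape for the HTML context in which the name is displayed.
        safe_items.append(html.escape(name, quote=True))
    return {"points": points, "items": safe_items}


# Constructed sample response, not real provider output.
SAMPLE = b'{"points": 1250, "items": ["Gift card", "<script>alert(1)</script>"]}'
```

Only the returned dictionary is passed on to the rest of the application; the raw response is discarded, and a rejected response is handled as a provider failure.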



Related Vulnerabilities

Related Controls