Don’t trust infrastructure


This is a principle or a set of principles. To view all principles, please see the Principle Category page.


A common myth: “I am using a market-standard web server, application server and database. Hence, I don’t need to think about separately securing my application; I rely on the security mechanisms those servers provide!” While market-standard servers are written with security in mind, the security of the actual application remains the responsibility of the application team. In fact, a lack of proper security in the application can sometimes lead to the container (web or application server) itself being compromised, which in turn affects every other application deployed on that container.

Not trusting the infrastructure could mean that every application needs to authenticate and authorize every action coming from surrounding systems.

Another myth: “I need not validate the requests coming from other corporate applications or services into my application, as those requests are from known sources!” In fact, another insecure application can become the source of damage to our application. Implementing application-level security instead of trusting the default security mechanisms of the surrounding infrastructure is a form of defense in depth (multi-level security).
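One way to apply the principle in code, as an added example that is not part of the OWASP page: a request handler that authenticates every inbound call from a neighbouring service with a per-caller HMAC and timestamp window, validates the payload shape, and authorizes the action per caller, instead of trusting the fact that the request arrived from the corporate network. The caller names, secrets, header names and action set are constructed for illustration.

```python
import hmac
import hashlib
import json
import time

# Constructed sample data: per-caller shared secrets and the actions each caller
# may invoke. In a real deployment these come from a secrets store and a policy
# source, never from source code.
CALLER_KEYS = {"billing-svc": b"constructed-secret-billing",
               "reports-svc": b"constructed-secret-reports"}
CALLER_PERMISSIONS = {"billing-svc": {"create_invoice"},
                      "reports-svc": {"read_invoice"}}
MAX_SKEW_SECONDS = 300  # reject replayed or very old requests

def sign_request(caller, body, key, ts=None):
    """Client side: produce the headers a calling service attaches to a request."""
    ts = str(int(time.time()) if ts is None else ts)
    mac = hmac.new(key, f"{caller}|{ts}|{body}".encode(), hashlib.sha256).hexdigest()
    return {"X-Caller": caller, "X-Timestamp": ts, "X-Signature": mac}

def handle_request(headers, body, now=None):
    """Server side: return (status, message). Every call is authenticated,
    validated and authorized regardless of which network it came from."""
    now = int(time.time()) if now is None else now
    caller = headers.get("X-Caller")
    key = CALLER_KEYS.get(caller)
    if key is None:
        return 401, "unknown caller"
    # Authenticate: recompute the MAC over caller, timestamp and body.
    try:
        ts = int(headers.get("X-Timestamp", ""))
    except ValueError:
        return 401, "bad timestamp"
    if abs(now - ts) > MAX_SKEW_SECONDS:
        return 401, "stale request"
    expected = hmac.new(key, f"{caller}|{ts}|{body}".encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, headers.get("X-Signature", "")):
        return 401, "bad signature"
    # Validate: the body must parse and carry exactly the expected fields.
    try:
        req = json.loads(body)
    except ValueError:
        return 400, "malformed body"
    if set(req) != {"action", "invoice_id"} or not isinstance(req["invoice_id"], int):
        return 400, "unexpected fields"
    # Authorize: the authenticated caller must be allowed to perform this action.
    if req["action"] not in CALLER_PERMISSIONS[caller]:
        return 403, "action not permitted for caller"
    return 200, f"{req['action']} ok"
```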