Difference between revisions of "Use encapsulation"

From OWASP
 
(One intermediate revision by one user not shown)
Line 1: Line 1:
 
{{Template:Principle}}
 
{{Template:Principle}}
 +
 +
Last revision (mm/dd/yy): '''{{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}'''
  
 
<br>
 
<br>
 
[[Category:OWASP ASDR Project]]
 
[[Category:OWASP ASDR Project]]
[[ASDR Table of Contents]]__TOC__
 
  
  
Line 17: Line 18:
 
* Implementation
 
* Implementation
 
** Hide internal details of a class, including data and methods, using private access modifier.
 
** Hide internal details of a class, including data and methods, using private access modifier.
 +
 +
==Related [[Vulnerabilities]]==
 +
 +
* [[Vulnerability 1]]
 +
* [[Vulnerabiltiy 2]]
 +
 +
 +
==Related [[Controls]]==
 +
 +
* [[Controls 1]]
 +
* [[Controls 2]]
 +
 +
 +
==References==
 +
 +
* http://www.link1.com
 +
* [http://www.link2.com Title for the link2]
 +
 +
 +
__NOTOC__
 +
 +
[[Category:Principle]]
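Review bot: the three sections added at the end of this hunk (Related Vulnerabilities, Related Controls, References) still carry the template's placeholder entries: "[[Vulnerability 1]]", "[[Vulnerabiltiy 2]]" (also misspelled), "[[Controls 1]]", "[[Controls 2]]", "http://www.link1.com" and "http://www.link2.com". Replace them with the pages and references that actually relate to encapsulation, or leave the bullets out until those exist, so readers are not sent to stub links.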

Latest revision as of 07:44, 7 April 2009

This is a principle or a set of principles. To view all principles, please see the Principle Category page.

Last revision (mm/dd/yy): 04/7/2009



Description

Draw strong boundaries among application elements, including modules, functions and data, to limit the impact of potential attacks.

Examples

  • Design
    • Separate internal administrator's functions from external users' functions.
    • Differentiate between validated data and unvalidated data, between one user's data and another's, or between data users are allowed to see and data that they are not.
    • In a web browser, ensure that your mobile code cannot be abused by other mobile code.
  • Implementation
    • Hide internal details of a class, including data and methods, using the private access modifier.
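
The following C++ sketch is an added example, not part of the original OWASP page. It combines two of the points above: a type that separates validated from unvalidated data, and private members that hide a class's internals. The class names, the username rule and the sample inputs are assumptions made for illustration.

```cpp
#include <cctype>
#include <cstddef>
#include <iostream>
#include <memory>
#include <string>
#include <utility>
#include <vector>

// Hypothetical type: a username that has already passed validation.
class ValidatedUsername {
public:
    // Only way to get an instance: raw text in, object out only if every
    // check passes (assumed rule: 3-32 chars, ASCII letters, digits, '_').
    static std::unique_ptr<ValidatedUsername> parse(const std::string& raw) {
        if (raw.size() < 3 || raw.size() > 32) return nullptr;
        for (unsigned char c : raw)
            if (!std::isalnum(c) && c != '_') return nullptr;
        return std::unique_ptr<ValidatedUsername>(new ValidatedUsername(raw));
    }
    const std::string& value() const { return value_; }

private:
    explicit ValidatedUsername(std::string v) : value_(std::move(v)) {}
    std::string value_;  // no setter: cannot change after validation
};

// Hypothetical store: the container is private, so callers cannot bypass add().
class UserDirectory {
public:
    // Takes the validated type, so a raw std::string does not compile here.
    bool add(const ValidatedUsername& name) {
        for (const auto& n : names_)
            if (n == name.value()) return false;  // reject duplicates
        names_.push_back(name.value());
        return true;
    }
    std::size_t size() const { return names_.size(); }

private:
    std::vector<std::string> names_;
};

int main() {
    UserDirectory dir;
    for (const char* raw : {"alice_01", "ab", "bob'; --", "alice_01"}) {  // constructed inputs
        auto name = ValidatedUsername::parse(raw);
        std::cout << raw << ": " << (name && dir.add(*name) ? "added" : "rejected") << "\n";
    }
    return 0;
}
```

Because the constructor and the stored string are private, the validation in `parse` is the only path into the type, and code that receives a `ValidatedUsername` does not need to re-check it.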

Related Vulnerabilities


Related Controls


References