This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

Category:CLASP Security Service

Jump to: navigation, search

There are several fundamental security goals that may be required for the resources in your system. For each resource in your system, you should be aware of whether and how you are addressing each concern throughout the lifetime of the resource. That is, each resource may have different protection requirements as it interacts with different resources. For example, user data may not need to be protected on the user’s machine but may need long-term secure storage in your database to prevent against possible insider attacks.

The fundamental security goals are: access control, authentication, confidentiality, data integrity, availability, accountability, and non-repudiation. In this section, we give an overview of each of the goals, explaining important nuances and discussing the levels within a system at which the concern can be addressed effectively.

Be aware that mechanisms put in place to achieve each of these services may be thwarted by unintentional logic errors in code.

This category currently contains no pages or media.