This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Category:Principle"

From OWASP
Jump to: navigation, search
 
m (References)
 
(28 intermediate revisions by 12 users not shown)
Line 1: Line 1:
Links
+
{{Social Media Links}}
 +
This category is for tagging articles related to application security principles.
  
A. http://web.mit.edu/Saltzer/www/publications/protection/Basic.html (Saltzer and Schroeder)(see Section 3)
+
==What is an application security principle?==
 +
Application security principles are collections of desirable application properties, behaviors, designs and implementation practices that attempt to reduce the likelihood of threat realization and impact should that threat be realized. Security principles are language-independent, architecturally-neutral primitives that can be leveraged within most software development methodologies to design and construct applications.
  
B. http://news.com.com/2008-1082-276319.html (McGraw)
+
Principles are important because they help us make security decisions in new situations with the same basic ideas. By considering each of these principles, we can derive security requirements, make architecture and implementation decisions, and identify possible weaknesses in systems.
  
C. OWASP Guide
+
The important thing to remember is that in order to be useful, principles must be evaluated, interpreted and applied to address a specific problem. Although principles can serve as general guidelines, simply telling a software developer that their software must "[[fail securely]]" or that they should do "[[defense in depth]]" won't mean that much.
  
+
==Some proven application security principles==
 +
* Apply [[defense in depth]] (complete mediation)
 +
* Use a [[positive security model]] (fail-safe defaults, minimize attack surface)
 +
* [[Fail securely]]
 +
* Run with [[least privilege]]
 +
* [[Avoid security by obscurity]] (open design)
 +
* [[Keep security simple]] (verifiable, economy of mechanism)
 +
* [[Detect intrusions]] (compromise recording)
 +
* [[Don’t trust infrastructure]]
 +
* [[Don’t trust services]]
 +
* [[Establish secure defaults]] (psychological acceptability)
  
*Fail safely
+
==Applying security principles==
*Run with least privilege (least privilege)
+
Consider the exercise of designing a simple web application that allows one to send email to a friend. By evaluating and interpreting each principle, we can arrive at many of the threats to this application and ultimately derive a set of protection requirements. We want to end up with a complete list of what is required to offer this service securely.
*Avoid security by obscurity (open design)
 
*Use a positive security model (fail safe defaults)(minimize attack surface)
 
*Apply defense in depth (complete mediation)
 
*Keep security simple (verifiable)(economy of mechanism)
 
*Detect intrusions (compromise recording)
 
*Don’t trust infrastructure
 
*Don’t trust services
 
*Establish secure defaults (psychological acceptability)(secure defaults)
 
 
  
+
<!-- TBD: walk-through -->
  
Some of the security mechanisms help when you’re implementing these principles. This is just a rough pass that needs some more work. It can’t be done with just a bullet list, you really need more like a paragraph on each of these.
+
==References==
+
* [http://web.mit.edu/Saltzer/www/publications/protection/Basic.html Saltzer and Schroeder] (see section 3)
 +
* [http://www.ranum.com/security/computer_security/editorials/dumb/index.html The Six Dumbest Ideas in Computer Security]
 +
* [http://www.zdnet.com/article/gary-mcgraw-10-steps-to-secure-software/ Gary McGraw's 10 steps to secure software]
 +
* [[OWASP Guide Project|OWASP Development Guide Project]]
 +
* [http://csrc.nist.gov/publications/nistpubs/800-27A/SP800-27-RevA.pdf Engineering Principles for Information Technology Security (EP-ITS), by Gary Stoneburner, Clark Hayden, and Alexis, NIST Special Publication (SP) 800-27 (PDF)]
 +
* [http://www.developer.com/java/data/article.php/10932_3667601_1 Secure Design Principles] from "Foundations of Security: What Every Programmer Needs To Know" by Neil Daswani, Christoph Kern, and Anita Kesavan ([http://www.biblio.com/isbn/1590597842.html ISBN 1590597842])
 +
* [http://assuredbydesign.com/haa/ High-Assurance Design] by Cliff Berg, 2005, Addison-Wesley. Foreword by Peter G. Neumann. Design principles and patterns for secure and reliable design.
  
*Fail safely
+
{{Template:PutInCategory}}
**Error handling
+
 
**Good logic
+
[[Category:OWASP ASDR Project]]
*Run with least privilege
 
**Access control
 
*Avoid security by obscurity
 
**Secure configuration files
 
*Use a positive security model
 
**Input validation
 
**Output encoding
 
**Access control
 
*Apply defense in depth
 
**Boundary validation
 
*Keep security simple
 
**Centralized security mechanisms
 
*Detect intrusions(compromise recording)
 
**Input validation
 
**Authentication
 
**Logging
 
**Availability protection
 
*Don’t trust infrastructure
 
**SSL
 
**Encrypt sensitive data
 
**Prevent injection
 
*Don’t trust services
 
**SSL, Authentication, Access control, Input validation, error handling, logging, output validation
 
*Establish secure defaults (psychological acceptability)(secure defaults)
 
**Notify users
 
**Secure “out of the box”
 

Latest revision as of 05:58, 29 July 2015


This category is for tagging articles related to application security principles.

What is an application security principle?

Application security principles are collections of desirable application properties, behaviors, designs and implementation practices that attempt to reduce the likelihood of threat realization and impact should that threat be realized. Security principles are language-independent, architecturally-neutral primitives that can be leveraged within most software development methodologies to design and construct applications.

Principles are important because they help us make security decisions in new situations with the same basic ideas. By considering each of these principles, we can derive security requirements, make architecture and implementation decisions, and identify possible weaknesses in systems.

The important thing to remember is that in order to be useful, principles must be evaluated, interpreted and applied to address a specific problem. Although principles can serve as general guidelines, simply telling a software developer that their software must "fail securely" or that they should do "defense in depth" won't mean that much.

Some proven application security principles

Applying security principles

Consider the exercise of designing a simple web application that allows one to send email to a friend. By evaluating and interpreting each principle, we can arrive at many of the threats to this application and ultimately derive a set of protection requirements. We want to end up with a complete list of what is required to offer this service securely.


References

How to add a new Principle article

You can follow the instructions to make a new Principle article. Please use the appropriate structure and follow the Tutorial. Be sure to paste the following at the end of your article to make it show up in the Principle category:

[[Category:Principle]]