
Keep security simple

From OWASP

Latest revision as of 18:30, 27 May 2009

This is a principle or a set of principles. To view all principles, please see the Principle Category page.


Description

Attack surface and complexity grow together: every additional component, layer, and configuration option is more code to audit and more places for a defect to hide. Some software engineering fashions favour elaborate designs for problems that a straightforward implementation would solve. Developers should avoid double negatives in conditionals and needlessly complex architectures when a simpler approach would be faster to build, easier to review, and therefore easier to secure.
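The following is an added example of the double-negative problem, not code from the OWASP page. It assumes a constructed authorization rule (allow only if the caller is an administrator or owns the resource, and the account is not suspended) and compares a negation-heavy version of that check, of the kind that accumulates over a few rounds of patching, against the same rule stated positively; the names Request, allowed_convoluted, allowed_simple and find_divergences are this example's own.

```python
"""Double negatives in an authorization check: an added example.

Constructed rule (not from the OWASP page): a request is allowed only if
the caller is an administrator or owns the resource, and the caller's
account is not suspended. The first function expresses that rule through
negations, the way it often ends up after a few patches; the second
expresses it positively. All names here are this example's own.
"""
from dataclasses import dataclass
from itertools import product


@dataclass(frozen=True)
class Request:
    is_admin: bool      # caller holds the administrator role
    is_owner: bool      # caller owns the resource being accessed
    is_suspended: bool  # caller's account is suspended


def allowed_convoluted(req: Request) -> bool:
    """'Deny unless the caller is not a non-privileged user, or unless the
    account is not suspended.' Each 'not' made sense when it was added, but
    the `or` between two negated conditions quietly turned the intended
    conjunction into a disjunction, so the check now fails open."""
    deny = not req.is_admin and not req.is_owner
    if not deny or not req.is_suspended:
        return True
    return False


def allowed_simple(req: Request) -> bool:
    """Same rule stated positively: privileged AND not suspended."""
    privileged = req.is_admin or req.is_owner
    return privileged and not req.is_suspended


def find_divergences() -> list:
    """Exhaustively compare both checks over every combination of inputs.

    Returns (request, convoluted_result, simple_result) for each case where
    the two disagree. With three booleans there are only eight cases, so the
    comparison is complete rather than sampled."""
    out = []
    for is_admin, is_owner, is_suspended in product((False, True), repeat=3):
        req = Request(is_admin, is_owner, is_suspended)
        conv, simple = allowed_convoluted(req), allowed_simple(req)
        if conv != simple:
            out.append((req, conv, simple))
    return out


def fails_open_cases() -> int:
    """Number of inputs the convoluted check admits but the simple one rejects."""
    return sum(1 for _, conv, simple in find_divergences() if conv and not simple)


if __name__ == "__main__":
    for req, conv, simple in find_divergences():
        print(f"{req}: convoluted={conv} simple={simple}")
```

Running it lists four of the eight possible inputs, and in every one of them the negation-heavy check admits a request that the rule says to reject, including an unprivileged, non-suspended stranger. The positive form reads the same way the requirement is spoken, which is what makes it reviewable.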


Examples

Entity Beans vs. Global Variables

It may be fashionable to spread state across a slew of singleton entity beans running on a separate middleware server, but it is faster, and easier to secure, to hold that state in global variables guarded by an appropriate mutex: there is one lock to get right rather than a remote tier with its own network exposure, deployment, and configuration to defend. The mutex must guard every access to the shared state, including the check that precedes an update, or the race conditions it exists to prevent remain.
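The following is an added example, not code from the OWASP page, of the mutex-guarded global this section recommends. It assumes a constructed scenario: a per-account failed-login counter kept in a module-level dictionary shared by every request thread, capped at MAX_ATTEMPTS. The unguarded version performs the check and the update as separate steps; the guarded version makes them one critical section. The names (MAX_ATTEMPTS, record_failure_unguarded, record_failure_guarded, hammer) are this example's own.

```python
"""A mutex-guarded global versus an unguarded one: an added example.

Constructed scenario (not from the OWASP page): a failed-login counter per
account, kept in a module-level dictionary shared by all request threads,
with a cap of MAX_ATTEMPTS. All names here are this example's own.
"""
import threading
import time

MAX_ATTEMPTS = 5

_failures = {}                 # global state: account -> failed attempts so far
_lock = threading.Lock()       # the one mutex that must guard every access


def record_failure_unguarded(account: str) -> bool:
    """Return True if this failed attempt is still within the cap.

    Read, compare and write are three separate steps. Two threads can both
    read 4, both conclude the attempt is allowed, and both write 5: the cap
    is exceeded and one increment is lost."""
    current = _failures.get(account, 0)
    if current >= MAX_ATTEMPTS:
        return False
    time.sleep(0)              # yield to other threads; widens the race window for the demo
    _failures[account] = current + 1
    return True


def record_failure_guarded(account: str) -> bool:
    """Same logic, but the whole check-then-act happens while holding _lock."""
    with _lock:
        current = _failures.get(account, 0)
        if current >= MAX_ATTEMPTS:
            return False
        _failures[account] = current + 1
        return True


def hammer(fn, account: str = "alice", threads: int = 50) -> int:
    """Call fn(account) from `threads` threads released at the same moment.

    Returns how many calls were allowed. With the guarded function this is
    exactly MAX_ATTEMPTS; with the unguarded one it is at least MAX_ATTEMPTS
    and usually more, because lost updates let extra attempts through."""
    _failures.clear()          # runs before any worker starts, so no lock needed here
    results = [False] * threads
    start = threading.Barrier(threads)

    def worker(i: int) -> None:
        start.wait()           # all workers hit the counter together
        results[i] = fn(account)

    workers = [threading.Thread(target=worker, args=(i,)) for i in range(threads)]
    for w in workers:
        w.start()
    for w in workers:
        w.join()
    return sum(results)


if __name__ == "__main__":
    print("unguarded allowed:", hammer(record_failure_unguarded))
    print("guarded allowed:  ", hammer(record_failure_guarded))
```

The guarded counter admits exactly MAX_ATTEMPTS calls however many threads contend for it; the unguarded one can never admit fewer, but routinely admits more. The security of the simple design rests entirely on that one lock covering the read, the comparison and the write together, which is the property to check in review.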


Related Vulnerabilities


Related Controls


References

See How to write insecure code for a tongue-in-cheek discussion of keeping security simple.