OWASP Flashcards
Minimize Attack Surface Area
Minimize the number of vulnerabilities a threat actor can exploit
Principle of least privilege
Give people the absolute minimum required access
Defense in depth
Layer varied security controls so that different types of threat are each covered by more than one control
Separation of Duties
Critical processes should have multiple people responsible for different parts (e.g. one person creates a cheque, another signs it)
Keep Shit Simple
Simple solutions = used solutions
Fix issues correctly
Identify the root cause, contain it, identify related vulnerabilities, and test the remediation efforts
Establish correct defaults
Make sure that optimal security is the default for all users
Fail securely
Make sure that when a control fails, it defaults to the most secure option, e.g. a failing firewall shuts off the app's network access
Don’t trust services
Always vet third-party software and validate what external services return
Avoid security by obscurity
Don't rely on hiding the details of what makes a system secure