If you're not already familiar with this resource, and you work in security and/or pen testing, you will want to become familiar with OWASP.
Consider the following, just to start, from https://www.owasp.org/index.php/Category:Principle:
Some proven application security principles:
- Apply defense in depth (complete mediation)
- Use a positive security model (fail-safe defaults, minimize attack surface)
- Fail securely
- Run with least privilege
- Avoid security by obscurity (open design)
- Keep security simple (verifiable, economy of mechanism)
- Detect intrusions (compromise recording)
- Don’t trust infrastructure
- Don’t trust services
- Establish secure defaults (psychological acceptability)
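As an added illustration (not from OWASP or the original post) of three of the principles above, the following Python authorizer uses a positive security model (an allow-list of actions per role), fails securely (any error during the decision yields deny, never allow), and records denials so probing is visible. The roles, actions and user directory are constructed for the example; the deny-list function is included only as the counter-example the "positive security model" principle warns against.

```python
"""Positive security model, fail-safe defaults and compromise recording,
demonstrated on a constructed role/action model (not OWASP's own code)."""
import logging
from dataclasses import dataclass

log = logging.getLogger("authz")

# Positive security model: enumerate what each role MAY do. Anything not
# listed is denied, so a newly introduced action is denied until reviewed.
ALLOWED_ACTIONS = {
    "viewer": frozenset({"read"}),
    "editor": frozenset({"read", "write"}),
    "admin": frozenset({"read", "write", "delete"}),
}

# Compromise recording: every denial is kept (and logged) so that repeated
# failed attempts by one principal can be detected later.
denials: list = []


@dataclass
class Decision:
    allowed: bool
    reason: str


def lookup_role(user: str, directory: dict) -> str:
    """Constructed stand-in for a directory lookup; unknown users raise KeyError."""
    return directory[user]


def authorize(user: str, action: str, directory: dict) -> Decision:
    """Fail securely: the only path that returns allowed=True is an explicit match."""
    try:
        role = lookup_role(user, directory)
        if action in ALLOWED_ACTIONS.get(role, frozenset()):
            return Decision(True, f"{role} may {action}")
        decision = Decision(False, f"{role} may not {action}")
    except Exception as exc:  # unexpected error is a denial, not an exception leak
        decision = Decision(False, f"authorization error: {exc!r}")
    denials.append((user, action, decision.reason))
    log.warning("denied user=%s action=%s reason=%s", user, action, decision.reason)
    return decision


def deny_list_authorize(role: str, action: str) -> bool:
    """Counter-example (negative model): only known-bad actions are blocked,
    so an action nobody thought of, e.g. "purge", slips through."""
    forbidden = {"viewer": {"write", "delete"}}
    return action not in forbidden.get(role, set())
```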