02 application security fundamentals - part 1 - security principles
Principle – Minimize Attack Surfaces
More points of interaction: more difficult to defend.
1 of 10
Principle – Establish Secure Defaults
Never rely on someone needing to specially configure or enable basic security functionality.
2 of 10
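A small illustration of the principle, added here as an example and not taken from the slide deck: a settings loader whose security-relevant options are on unless a deployer explicitly turns them off. The keys, the `load_settings`, `parse_bool` and `insecure_overrides` functions and the two environments are constructed for this example.

```python
"""Secure defaults: settings that are safe when nobody configures them.

Added example, not from the slide deck. The keys, the load_settings function
and the environment values below are constructed for illustration.
"""

# Security-relevant settings with their secure default values. A deployer who
# sets nothing gets every protection enabled.
SECURE_DEFAULTS = {
    "VERIFY_TLS": True,        # certificate validation stays on
    "DEBUG": False,            # no stack traces or debug endpoints
    "SESSION_SECURE": True,    # session cookie sent only over HTTPS
    "SESSION_HTTPONLY": True,  # session cookie hidden from page scripts
    "ADMIN_ENABLED": False,    # privileged interface is opt-in
}

# The pattern the slide warns against, shown for contrast: the protection
# exists, but it is off until someone remembers to turn it on.
INSECURE_DEFAULTS = {key: not value for key, value in SECURE_DEFAULTS.items()}

_TRUE = {"1", "true", "yes", "on"}
_FALSE = {"0", "false", "no", "off"}


def parse_bool(raw, default):
    """Parse an environment string into a bool.

    Only an explicit true/false token changes the value; a missing, empty or
    misspelled setting keeps the default, so a typo in a deployment file cannot
    silently switch a control off.
    """
    if raw is None:
        return default
    token = raw.strip().lower()
    if token in _TRUE:
        return True
    if token in _FALSE:
        return False
    return default


def load_settings(env, defaults=SECURE_DEFAULTS):
    """Resolve every security setting from env, falling back to defaults."""
    return {key: parse_bool(env.get(key), value) for key, value in defaults.items()}


def insecure_overrides(settings, defaults=SECURE_DEFAULTS):
    """Return the settings a deployer has explicitly moved to the unsafe side.

    Opting out stays possible, but it is visible: log or alert on this list at
    startup rather than letting the weakened state pass unnoticed.
    """
    return sorted(key for key, value in settings.items() if value != defaults[key])


# Constructed environments: an empty one, and one with a typo and an opt-out.
EMPTY_ENV = {}
PARTIAL_ENV = {"DEBUG": "ture", "VERIFY_TLS": "false"}

if __name__ == "__main__":
    for name, env in (("empty", EMPTY_ENV), ("partial", PARTIAL_ENV)):
        settings = load_settings(env)
        print(name, settings, "overrides:", insecure_overrides(settings))
```

The design choice worth noting is in `parse_bool`: an unrecognised value keeps the default instead of being treated as false, so a misspelled `DEBUG=ture` cannot accidentally enable debugging, while the `insecure_overrides` list makes every deliberate opt-out visible at startup.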
Principle – Least Privilege
Not everyone should have access to everything. Even people or accounts you might think should have access don’t always need it.
3 of 10
Principle – Defense in Depth
Don’t rely on a single security method to protect everything. Layer basic security practices to ensure the overall safety of an application.
4 of 10
Principle – Fail Securely
Security controls should be designed to fail until they are proven valid.
When a security control does fail, it should place the application in a secure state.
5 of 10
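The two sentences above describe a fail-closed control. The following is an added example, not code from the slide deck: an authorization check written once as the fail-open anti-pattern and once in the form the slide calls for. The policy table, the principals, `PolicyUnavailable` and the `is_allowed_*` functions are constructed for this illustration; `backend=None` stands in for an outage of the policy store.

```python
"""Fail securely: an authorization control that denies when it cannot decide.

Added example, not from the slide deck. The policy table, the principals and
PolicyUnavailable are constructed; the two is_allowed_* functions contrast the
fail-open anti-pattern with the fail-closed version the slide calls for.
"""

import logging

log = logging.getLogger("authz")


class PolicyUnavailable(Exception):
    """The policy backend could not answer (timeout, corrupt data, outage)."""


# Constructed policy store: principal -> set of permitted actions.
POLICY = {
    "alice": {"report:read"},
    "bob": {"report:read", "report:delete"},
}


def lookup_permissions(principal, backend=POLICY):
    """Fetch a principal's permissions; backend=None simulates an outage."""
    if backend is None:
        raise PolicyUnavailable("policy store unreachable")
    return backend.get(principal, set())


def is_allowed_fail_open(principal, action, backend=POLICY):
    """Anti-pattern: an error inside the control itself grants access."""
    try:
        return action in lookup_permissions(principal, backend)
    except PolicyUnavailable:
        # "Let the request through so the application keeps working":
        # the control has failed and the application is now in an unsafe state.
        return True


def is_allowed_fail_closed(principal, action, backend=POLICY):
    """Deny until proven valid: only an explicit grant returns True."""
    try:
        permissions = lookup_permissions(principal, backend)
    except PolicyUnavailable as exc:
        # Surface the failure to operations, but stay in the secure state.
        log.error("authz backend failed for %s/%s: %s", principal, action, exc)
        return False
    # Unknown principals and unknown actions fall through to deny.
    return action in permissions


if __name__ == "__main__":
    for check in (is_allowed_fail_open, is_allowed_fail_closed):
        print(check.__name__, "during outage ->",
              check("mallory", "report:delete", backend=None))
```

In the fail-closed version every path that is not an explicit grant ends in `False`: an unknown principal, an unknown action and a backend error all land in the same secure state, and the error is logged so that a denial caused by an outage can be distinguished from a policy decision.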
Principle – Don’t Trust Services
Don’t make assumptions that can impact your application’s security goals.
6 of 10
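One concrete form of "don't make assumptions" is to validate what an upstream service returns before it reaches security-relevant logic. The following is an added example and not part of the slide deck; the pricing-service payload, its field names, the SKU pattern and the `validate_pricing_response` and `is_trusted` functions are all constructed for the illustration.

```python
"""Don't trust services: validate an upstream response before acting on it.

Added example, not from the slide deck. The pricing-service payload, its field
names and validate_pricing_response are constructed for illustration.
"""

import json
import re

ALLOWED_STATUS = {"ok", "partial"}
SKU_PATTERN = re.compile(r"^[A-Z0-9]{4,16}$")
MAX_ITEMS = 100


class UntrustedResponse(ValueError):
    """The upstream reply violated the contract we assumed it would honour."""


def validate_pricing_response(raw_body, max_items=MAX_ITEMS):
    """Return a cleaned copy of the response or raise UntrustedResponse.

    Every assumption the caller would otherwise make silently is checked here:
    the body is JSON, the status is one we know, the item list is bounded, and
    each price is a non-negative integer. Unknown fields are dropped rather
    than forwarded.
    """
    try:
        body = json.loads(raw_body)
    except ValueError as exc:
        raise UntrustedResponse("body is not JSON") from exc
    if not isinstance(body, dict):
        raise UntrustedResponse("body is not an object")
    status = body.get("status")
    if status not in ALLOWED_STATUS:
        raise UntrustedResponse(f"unexpected status {status!r}")
    items = body.get("items")
    if not isinstance(items, list):
        raise UntrustedResponse("items is not a list")
    if len(items) > max_items:
        raise UntrustedResponse("too many items")
    cleaned = []
    for item in items:
        if not isinstance(item, dict):
            raise UntrustedResponse("item is not an object")
        sku = item.get("sku")
        price = item.get("price_cents")
        if not isinstance(sku, str) or not SKU_PATTERN.match(sku):
            raise UntrustedResponse(f"bad sku {sku!r}")
        # bool is a subclass of int in Python, so True would pass a plain int check.
        if isinstance(price, bool) or not isinstance(price, int) or price < 0:
            raise UntrustedResponse(f"bad price for {sku}: {price!r}")
        cleaned.append({"sku": sku, "price_cents": price})
    return {"status": status, "items": cleaned}


def is_trusted(raw_body):
    """Convenience wrapper: True if the reply passes every check."""
    try:
        validate_pricing_response(raw_body)
    except UntrustedResponse:
        return False
    return True


# Constructed replies: one well-formed, one with a negative price that an
# unchecked caller would turn into a refund.
GOOD_REPLY = json.dumps({"status": "ok", "items": [
    {"sku": "AB1234", "price_cents": 1999, "debug": "ignored"}]})
BAD_REPLY = json.dumps({"status": "ok", "items": [
    {"sku": "AB1234", "price_cents": -1999}]})

if __name__ == "__main__":
    print(validate_pricing_response(GOOD_REPLY))
    print("bad reply trusted?", is_trusted(BAD_REPLY))
```

The function returns a rebuilt object containing only the fields it checked, so a field the service adds later (or an attacker-controlled one) never travels further into the application by accident.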
Principle – Separation of Duties
Some combinations of permissions don’t work well together.
7 of 10
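Slides 3 and 7 go together in practice: least privilege keeps each account's permissions small, and separation of duties keeps certain permissions out of the same hands entirely. The role model below is an added example, not code from the slide deck; the roles, permission names, toxic combinations, `assign_roles`, `can_assign` and `unused_permissions` functions and the audit actions are constructed for the illustration.

```python
"""Separation of duties and least privilege in one role model.

Added example, not from the slide deck. The roles, permissions, toxic
combinations and the audit-log entries are constructed for illustration.
"""

ROLE_PERMISSIONS = {
    "payment_clerk": {"payment:create"},
    "payment_approver": {"payment:approve"},
    "auditor": {"ledger:read"},
    # A single role that already combines two duties that should stay apart.
    "treasury_admin": {"payment:create", "payment:approve", "ledger:read"},
}

# Permission pairs a single principal must never hold at once: the slide's
# "combinations of permissions that don't work well together".
TOXIC_COMBINATIONS = [
    frozenset({"payment:create", "payment:approve"}),
    frozenset({"user:create", "user:grant_role"}),
]


def effective_permissions(roles):
    """Union of the permissions granted by a collection of roles."""
    permissions = set()
    for role in roles:
        permissions |= ROLE_PERMISSIONS.get(role, set())
    return permissions


def sod_violations(roles):
    """Return the toxic combinations fully covered by these roles."""
    held = effective_permissions(roles)
    return [combo for combo in TOXIC_COMBINATIONS if combo <= held]


def can_assign(principal, roles, assignments):
    """True if adding roles to the principal's existing ones stays clean.

    The check runs on the combined role set, so a clerk who is later also
    made an approver is caught, not just the obviously oversized role.
    """
    proposed = set(assignments.get(principal, ())) | set(roles)
    return not sod_violations(proposed)


def assign_roles(principal, roles, assignments):
    """Record a role assignment, refusing any that creates a SoD violation."""
    if not can_assign(principal, roles, assignments):
        proposed = set(assignments.get(principal, ())) | set(roles)
        raise ValueError(f"{principal}: separation of duties violated: "
                         f"{sod_violations(proposed)}")
    assignments[principal] = set(assignments.get(principal, ())) | set(roles)
    return assignments[principal]


def unused_permissions(roles, audit_actions):
    """Least-privilege review: permissions held but never exercised.

    audit_actions are the actions the principal actually performed over the
    review window; anything held beyond that is a candidate for removal.
    """
    return effective_permissions(roles) - set(audit_actions)


# Constructed audit trail for a principal holding payment_clerk and auditor.
CAROL_ROLES = ["payment_clerk", "auditor"]
CAROL_AUDIT_ACTIONS = ["payment:create", "payment:create"]

if __name__ == "__main__":
    assignments = {}
    assign_roles("carol", CAROL_ROLES, assignments)
    print("carol may also approve payments?",
          can_assign("carol", ["payment_approver"], assignments))
    print("carol holds but never used:",
          unused_permissions(CAROL_ROLES, CAROL_AUDIT_ACTIONS))
```

`sod_violations` also flags `treasury_admin` on its own, which is the usual way these conflicts creep in: not through two roles granted at different times, but through one convenience role that bundles both halves of a transaction.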
Principle – Avoid Security by Obscurity
“But an attacker would never know or see that!”
8 of 10
Principle – Keep Security Simple
The simpler the design of the security, the easier it is to understand and implement correctly.
9 of 10
Principle – Fix Security Issues Correctly
Symptom vs. the real problem.
10 of 10
