Secure Design Principles
Sitting hear on a cold, snowy day thinking about secure design principles. These are key to think about during the design phase of a feature/project?
Total Mediation – every access to every resource must be validated every time
Economy of Mechanism – keep it as simple as possible
Fail-Safe – in case of failure, default to a secure state
Defense in Depth – layer security
Open Design – the security of a system should not be dependent on secrecy of its design or implementation
Psychological Acceptability – security mechanisms must not make resources more difficult to access then if they weren’t there
Least Privilege – limit access to a system/feature to only those that *need* to access it for the shortest duration possible
Minimize attack surface – reduce risk by reducing the attack surface area
Secure Defaults – default to a secure state
Any others you can think of?