SlideShare a Scribd company logo

02 application security fundamentals - part 1 - security priciples

A
appsec

The document outlines 10 security principles: minimize attack surfaces, establish secure defaults, least privilege, defense in depth, fail securely, don't trust services, separation of duties, avoid security by obscurity, keep security simple, and fix security issues correctly. Each principle is accompanied by a brief explanation of 1-2 sentences.

Technology
1 of 10
1
2
3
4
5
6
7
8
9
10
Principle – Minimize Attack Surfaces More points of interaction More difficult to defend 1 of 10
Principle – Establish Secure Defaults vs. Never rely on someone needing to specially configure or enable basic security functionality. 2 of 10
Principle – Least Privilege Not everyone should have access to everything. Even people or accounts you might think should have access don’t always need it. 3 of 10
Principle – Defense in Depth Don’t rely on a single security method to protect everything. Layer basic security practices to ensure the overall safety of an application. 4 of 10
Principle – Fail Securely Security controls should be designed to fail until they are proven valid. 5 of 10 When a security control does fail, it should place the application in a secure state.
Principle – Don’t Trust Services Don’t make assumptions that can impact your application’s security goals. 6 of 10
Principle – Separation of Duties Some combinations of permissions don’t work well together. 7 of 10
Principle – Avoid Security by Obscurity “But an attacker would never know or see that!” 8 of 10
Principle – Keep Security Simple The simpler the design of the security, the easier it is to understand and implement correctly. vs. 9 of 10
Principle – Fix Security Issues Correctly Symptom The real problem 10 of 10

More Related Content

PPTX
Seceon
CompanySeceon
 
PPTX
Understanding the 8 Keys to Security Success
SecurityOn-Demand
 
PDF
The New Economics of Cloud Security
Alert Logic
 
PDF
Security is a process not a magic
Cahyo Darujati
 
PPTX
Seven security principles
Joe Goodings
 
PDF
5 Essential Security Tips for Startups
Quick Heal Technologies Ltd.
 
PDF
10 Ways to Guarantee At Data Security Breach in 12-Months
Blue Trumpet Group
 
PDF
Перевірка роботи McAfee ENS. MVISION Insights SUNBURST.
Vladyslav Radetsky
 
Seceon
CompanySeceon
 
Understanding the 8 Keys to Security Success
SecurityOn-Demand
 
The New Economics of Cloud Security
Alert Logic
 
Security is a process not a magic
Cahyo Darujati
 
Seven security principles
Joe Goodings
 
5 Essential Security Tips for Startups
Quick Heal Technologies Ltd.
 
10 Ways to Guarantee At Data Security Breach in 12-Months
Blue Trumpet Group
 
Перевірка роботи McAfee ENS. MVISION Insights SUNBURST.
Vladyslav Radetsky
 

What's hot (19)

PPTX
How to Avoid End-of-Life Software Pitfalls
Aventis Systems, Inc.
 
PDF
Accelerating Incident Response in Organizations of Any Size
Cisco Canada
 
PPTX
5 insider tips for using it audits to maximize security
NetIQ
 
PDF
5 Data Security Measures
Namtek Consulting Services
 
PPTX
Information Security Life Cycle
vulsec123
 
PDF
The State of Network Security 2014
AlgoSec
 
PDF
Managing Security Policies Across Hybrid Cloud Environments
AlgoSec
 
PDF
False alarms
delltude72
 
PDF
Mastering next gen-siem-usecases-part1
Priyanka Aash
 
PDF
Reliability teamwork
Bhakti Mehta
 
PDF
5 Essential Security Tips for Startups
Heal Quick
 
PDF
BGA Eğitim Kataloğu
Asım Önder Kabataş
 
PDF
7-lessons-learned-from-bsimm
Marie Peters
 
PPTX
How to Choose the Right Security Training for You
Cigital
 
PDF
False alarms
delltude72
 
PPTX
New Synopsys research uncovers security's biggest challenges
Synopsys Software Integrity Group
 
DOCX
1
craigslistposting
 
PDF
Webinar | Cybersecurity vulnerabilities of your business - Berezha Security G...
Go Global
 
PDF
Sonoco Safety Leadership Principles 2014
Sonoco
 
How to Avoid End-of-Life Software Pitfalls
Aventis Systems, Inc.
 
Accelerating Incident Response in Organizations of Any Size
Cisco Canada
 
5 insider tips for using it audits to maximize security
NetIQ
 
5 Data Security Measures
Namtek Consulting Services
 
Information Security Life Cycle
vulsec123
 
The State of Network Security 2014
AlgoSec
 
Managing Security Policies Across Hybrid Cloud Environments
AlgoSec
 
False alarms
delltude72
 
Mastering next gen-siem-usecases-part1
Priyanka Aash
 
Reliability teamwork
Bhakti Mehta
 
5 Essential Security Tips for Startups
Heal Quick
 
BGA Eğitim Kataloğu
Asım Önder Kabataş
 
7-lessons-learned-from-bsimm
Marie Peters
 
How to Choose the Right Security Training for You
Cigital
 
False alarms
delltude72
 
New Synopsys research uncovers security's biggest challenges
Synopsys Software Integrity Group
 
1
craigslistposting
 
Webinar | Cybersecurity vulnerabilities of your business - Berezha Security G...
Go Global
 
Sonoco Safety Leadership Principles 2014
Sonoco
 
Ad

Similar to 02 application security fundamentals - part 1 - security priciples (20)

PDF
Principles for Secure Design and Software Security
Mona Rajput
 
PPTX
Security Design Principles for developing secure application .pptx
azida3
 
PPTX
002 Security Design Principles and some other
AssadLeo1
 
PPTX
002 Security Design Principles with best
AssadLeo1
 
PPT
Survey Presentation About Application Security
Nicholas Davis
 
PPT
Security Design Principles.ppt
DrBasemMohamedElomda
 
PDF
Secure by Design - Security Design Principles for the Rest of Us
Eoin Woods
 
PDF
Secure by Design - Security Design Principles for the Working Architect
Eoin Woods
 
ODP
Break it while you make it: writing (more) secure software
Leigh Honeywell
 
PPTX
Security Design Concepts
Mohammed Fazuluddin
 
PPTX
For Business's Sake, Let's focus on AppSec
Lalit Kale
 
PDF
Streamlining AppSec Policy Definition.pptx
tmbainjr131
 
PPTX
Application Security: What do we need to know?
Jose L. Quiñones-Borrero
 
PPTX
Information Security and the SDLC
BDPA Charlotte - Information Technology Thought Leaders
 
PPTX
01 Application Security Fundamentals - part 1 - introduction and goals
appsec
 
PDF
Application Security Protecting Your Software.pdf
yuj
 
PPTX
Ryan Elkins - Simple Security Defense to Thwart an Army of Cyber Ninja Warriors
Ryan Elkins
 
PPT
its a computer security based ppt which is very useful
SantoshChintawar
 
PPT
Intro to-ssdl--lone-star-php-2013
nanderoo
 
PPTX
Web Application Hacking tools .pptx
Guna Dhondwad
 
Principles for Secure Design and Software Security
Mona Rajput
 
Security Design Principles for developing secure application .pptx
azida3
 
002 Security Design Principles and some other
AssadLeo1
 
002 Security Design Principles with best
AssadLeo1
 
Survey Presentation About Application Security
Nicholas Davis
 
Security Design Principles.ppt
DrBasemMohamedElomda
 
Secure by Design - Security Design Principles for the Rest of Us
Eoin Woods
 
Secure by Design - Security Design Principles for the Working Architect
Eoin Woods
 
Break it while you make it: writing (more) secure software
Leigh Honeywell
 
Security Design Concepts
Mohammed Fazuluddin
 
For Business's Sake, Let's focus on AppSec
Lalit Kale
 
Streamlining AppSec Policy Definition.pptx
tmbainjr131
 
Application Security: What do we need to know?
Jose L. Quiñones-Borrero
 
Information Security and the SDLC
BDPA Charlotte - Information Technology Thought Leaders
 
01 Application Security Fundamentals - part 1 - introduction and goals
appsec
 
Application Security Protecting Your Software.pdf
yuj
 
Ryan Elkins - Simple Security Defense to Thwart an Army of Cyber Ninja Warriors
Ryan Elkins
 
its a computer security based ppt which is very useful
SantoshChintawar
 
Intro to-ssdl--lone-star-php-2013
nanderoo
 
Web Application Hacking tools .pptx
Guna Dhondwad
 
Ad

More from appsec (11)

PPTX
23 owasp top 10 - resources
appsec
 
PPTX
15 owasp top 10 - a3-xss
appsec
 
PPTX
12 owasp top 10 - introduction
appsec
 
PPTX
10 application security fundamentals - part 2 - security mechanisms - encry...
appsec
 
PPTX
11 application security fundamentals - part 2 - security mechanisms - summary
appsec
 
PPTX
09 application security fundamentals - part 2 - security mechanisms - logging
appsec
 
PPTX
08 application security fundamentals - part 2 - security mechanisms - error...
appsec
 
PPTX
06 application security fundamentals - part 2 - security mechanisms - sessi...
appsec
 
PPTX
07 application security fundamentals - part 2 - security mechanisms - data ...
appsec
 
PPTX
04 application security fundamentals - part 2 - security mechanisms - authe...
appsec
 
PPTX
05 application security fundamentals - part 2 - security mechanisms - autho...
appsec
 
23 owasp top 10 - resources
appsec
 
15 owasp top 10 - a3-xss
appsec
 
12 owasp top 10 - introduction
appsec
 
10 application security fundamentals - part 2 - security mechanisms - encry...
appsec
 
11 application security fundamentals - part 2 - security mechanisms - summary
appsec
 
09 application security fundamentals - part 2 - security mechanisms - logging
appsec
 
08 application security fundamentals - part 2 - security mechanisms - error...
appsec
 
06 application security fundamentals - part 2 - security mechanisms - sessi...
appsec
 
07 application security fundamentals - part 2 - security mechanisms - data ...
appsec
 
04 application security fundamentals - part 2 - security mechanisms - authe...
appsec
 
05 application security fundamentals - part 2 - security mechanisms - autho...
appsec
 

Recently uploaded (20)

PPTX
ACSFv1EN-58255 AWS Academy Cloud Security Foundations.pptx
23bcla24
 
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PDF
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
PDF
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
PDF
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
PPTX
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PDF
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
PDF
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
PPTX
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
PPTX
Spectroscopy.pptx food analysis technology
nawahassan45
 
PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PDF
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
PDF
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
PDF
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
PDF
Encapsulation theory and applications.pdf
gurumoop
 
ACSFv1EN-58255 AWS Academy Cloud Security Foundations.pptx
23bcla24
 
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
Spectroscopy.pptx food analysis technology
nawahassan45
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
Encapsulation theory and applications.pdf
gurumoop
 

02 application security fundamentals - part 1 - security priciples

  • 1. Principle – Minimize Attack Surfaces More points of interaction More difficult to defend 1 of 10
  • 2. Principle – Establish Secure Defaults vs. Never rely on someone needing to specially configure or enable basic security functionality. 2 of 10
  • 3. Principle – Least Privilege Not everyone should have access to everything. Even people or accounts you might think should have access don’t always need it. 3 of 10
  • 4. Principle – Defense in Depth Don’t rely on a single security method to protect everything. Layer basic security practices to ensure the overall safety of an application. 4 of 10
  • 5. Principle – Fail Securely Security controls should be designed to fail until they are proven valid. 5 of 10 When a security control does fail, it should place the application in a secure state.
  • 6. Principle – Don’t Trust Services Don’t make assumptions that can impact your application’s security goals. 6 of 10
  • 7. Principle – Separation of Duties Some combinations of permissions don’t work well together. 7 of 10
  • 8. Principle – Avoid Security by Obscurity “But an attacker would never know or see that!” 8 of 10
  • 9. Principle – Keep Security Simple The simpler the design of the security, the easier it is to understand and implement correctly. vs. 9 of 10
  • 10. Principle – Fix Security Issues Correctly Symptom The real problem 10 of 10