We've defined 30 basic principles of security architecture:
Start by asking questions
Select a destination before stepping on the gas
Decide how much security is "just enough"
Employ standard engineering techniques
Identify your assumptions
Engineer security in from day one
Design with the enemy in mind
Understand and respect the chain of trust
Be stingy with privileges
Test any proposed action against policy
Build in appropriate levels of fault tolerance
Address error-handling issues appropriately
Choose safe default actions and values
Stay on the simple side
Don't rely on obfuscation
Maintain minimal retained state
Adopt practical measures users can live with
Make sure some individual is accountable
Self-limit program consumption of resources
Make sure it's possible to reconstruct events
Eliminate "weak links"
Build in multiple layers of defense
Treat an application as a holistic whole
Reuse code known to be secure
Don't rely on off-the-shelf software for security
Don't let security needs overwhelm democratic principles
Remember to ask, "What did I forget?"
The following sections define these principles in greater detail, and subsequent chapters explain them in the context of different phases of software development.
Whether you're starting from scratch with a clean sheet of paper or have been handed a complex piece of software that needs fixing or updating, your first step in ...