From the course: CSSLP Cert Prep: 1 Secure Software Concepts
Unlock the full course today
Join today to access over 22,600 courses taught by industry experts or purchase this course individually.
Defense in depth
From the course: CSSLP Cert Prep: 1 Secure Software Concepts
Defense in depth
- [Instructor] Complex applications often present a broad attack surface to criminals. And protecting against each and every attack can be very challenging. You'll quickly learn that no single security control is going to be able to stop every one of these attacks. That's why the principle of defense in depth is so important. When you apply the principle of defense in depth to your apps, what you're doing is identifying and implementing a set of complimentary security controls. If no single control will stop every attack, then why not layer those controls in a way that will have the desired effect? This concept of defense in depth is often compared to castle defenses from the middle ages. Think for a second about all of the controls you would need to compromise in order to steal gold from the castle keep. You would need to cross the water surrounding the castle and maybe climb the hill where the castle sits, and then…
Contents
-
-
-
-
-
-
(Locked)
Defense in depth4m 45s
-
(Locked)
Resiliency4m 14s
-
(Locked)
Open design5m 17s
-
(Locked)
Least common mechanism4m 18s
-
(Locked)
Psychological acceptability6m 3s
-
(Locked)
Leveraging existing components4m 30s
-
(Locked)
Eliminate single point of failure4m 23s
-
(Locked)
Diversity of defense3m 19s
-
(Locked)
-