From the course: CSSLP Cert Prep: 1 Secure Software Concepts
Open design
- [Instructor] Assuming that hidden is the same thing as secure is a dangerous habit for application security professionals. Obscurity provides a false sense of security. Any penetration test could tell you that there's always a way to get to secrets that you thought were safe from prying eyes. The more eyes you have on your application security design, the better. We call this approach open design. Keep in mind that we're talking about the high-level design here and not every component within the app. Certain secrets like passwords and encryption keys need to remain secret. Don't publish that info for everyone to see. But things like frameworks, libraries, and encryption algorithms should be documented and reviewed by a larger team. One of the reasons for embracing this open design principle is that it actually helps ensure the confidentiality of both the data and the source code. This might seem counterintuitive at…
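The split the instructor describes (keys and passwords stay secret; algorithms, frameworks and libraries are documented and reviewed) is the same idea as Kerckhoffs's principle in cryptography: a design should stay secure even when everything except the key is public. The following script is an added example written for this page; it is not course material. It contrasts a session-token scheme whose only protection is a hidden homebrew algorithm with one that uses an openly specified construction (HMAC-SHA256 from Python's standard library) and keeps only the key secret. The token format, the user names, the `TOKEN_KEY` environment variable and every function name are assumptions made up for the demonstration.

```python
"""Added example: why 'hidden' is not 'secure'.

Scheme A protects a token only by keeping its algorithm secret.
Scheme B publishes its algorithm (HMAC-SHA256) and keeps only a key
secret, as the open-design principle recommends. Names, token format
and the sample key are constructed for this example, not from the course.
"""
import codecs
import hashlib
import hmac
import os


# --- Scheme A: secret algorithm, no key ("security by obscurity") ---------
def obscure_tag(user: str) -> str:
    """Homebrew 'signature': reverse, rot13, hash. Nothing here is a key."""
    twisted = codecs.encode(user[::-1], "rot_13").encode()
    return hashlib.sha256(twisted).hexdigest()[:16]


def obscure_issue(user: str) -> str:
    return f"{user}:{obscure_tag(user)}"


def obscure_verify(token: str) -> bool:
    user, _, tag = token.rpartition(":")
    return hmac.compare_digest(tag, obscure_tag(user))


def forge_obscure(user: str) -> str:
    """An attacker who has read the code (leaked repo, decompiled client)
    can mint a token for any user: knowing the algorithm is enough."""
    return obscure_issue(user)


# --- Scheme B: open algorithm, secret key (open design) -------------------
def keyed_tag(user: str, key: bytes) -> str:
    return hmac.new(key, user.encode(), hashlib.sha256).hexdigest()


def keyed_issue(user: str, key: bytes) -> str:
    return f"{user}:{keyed_tag(user, key)}"


def keyed_verify(token: str, key: bytes) -> bool:
    user, _, tag = token.rpartition(":")
    # Constant-time comparison so the check itself leaks no timing signal.
    return hmac.compare_digest(tag, keyed_tag(user, key))


def forge_keyed(user: str, guessed_key: bytes) -> str:
    """The attacker knows the algorithm completely but not the key; the best
    they can do is guess one. Forgery would require breaking HMAC-SHA256."""
    return keyed_issue(user, guessed_key)


def load_key() -> bytes:
    """The key comes from the environment (or a secrets manager), never from
    the published source. TOKEN_KEY is an assumed variable name; a random key
    is generated if it is unset so the script runs stand-alone."""
    env = os.environ.get("TOKEN_KEY")
    return env.encode() if env else os.urandom(32)


def demo(key: bytes) -> dict:
    """Run both schemes against an attacker who has the full source code."""
    genuine = keyed_issue("alice", key)
    return {
        "obscure_forgery_accepted": obscure_verify(forge_obscure("alice")),
        "keyed_genuine_accepted": keyed_verify(genuine, key),
        "keyed_forgery_accepted": keyed_verify(forge_keyed("alice", b"guess"), key),
        # Swapping the user part without the key invalidates the tag.
        "keyed_tampered_accepted": keyed_verify(genuine.replace("alice", "admin", 1), key),
    }


if __name__ == "__main__":
    for name, accepted in demo(load_key()).items():
        print(f"{name}: {accepted}")
```

Running it shows the obscure forgery accepted while the keyed forgery and the tampered token are rejected. Publishing Scheme B's code costs nothing, which is exactly what makes it safe to have a large team review it; Scheme A's security evaporates the moment its source is seen.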