Update
16
security/README.md
Normal file
@ -0,0 +1,16 @@
# Security Considerdations When Designing a System
##### Least Privilege
##### Fail Safe Defaults
- Negate fail safe insecure defaults
##### Economy of Mechanisms ( Keep it Simple )
##### Complete Mediation
- Check access to each abject is allowed
- Note cache machanisms. After access is revoked, is access verified against stale cache data?
##### Open Design
- Security of the design should not depend on the secrecy of the design.
##### Seperation of Privilege
- Permissions based on more than one condition. Just because someone has a password, can they use it to accomplish a specific task?
##### Least Common Mechanism
- Do not create shared resources with sensitive data.
##### Psychological Acceptability
- The more secure a design is, the more likely users are to find ways to make life easier by creating insecure work arounds.
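Review bot: the bullet under `##### Fail Safe Defaults`, `- Negate fail safe insecure defaults`, reads as the opposite of the principle; fail-safe defaults means the default decision is to deny, so a missing, failing or mis-ordered access check fails closed rather than granting access. Suggest rewording it to something like `- Default to deny: grant access only on an explicit permission, so a missing or failing check fails closed`. The `##### Least Privilege` heading is the only one with no bullet under it; a one-line gloss (run each component with only the permissions its task needs, and drop them once the task is done) would keep the file consistent with the other sections. The `##### Least Common Mechanism` bullet, `Do not create shared resources with sensitive data`, is narrower than the principle, which is to minimise mechanisms shared between users or components because every shared path is a potential channel between them; sensitive data is one case of that. Spelling: `Considerdations` in the title, `abject` and `machanisms` under Complete Mediation, and `Seperation` in the Separation of Privilege heading should read `Considerations`, `object`, `mechanisms` and `Separation`.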