Chapter 4. Security Guidelines

Table of Contents

Validate Input and Output
Fail Securely (Closed)
Keep it Simple
Use and Reuse Trusted Components
Defense in Depth
Only as Secure as the Weakest Link
Security By Obscurity Won't Work
Least Privilege
Compartmentalization (Separation of Privileges)

The following high-level security principles are useful as reference points when designing systems.

Validate Input and Output

User input into the system and output from it are the routes by which malicious payloads enter or leave the system. All user input and user output should be checked to ensure it is both appropriate and expected. The correct strategy for dealing with system input and output is to allow only explicitly defined characteristics and drop all other data. If an input field is for a Social Security Number, then any data that is not a string of nine digits is not valid. A common mistake is to filter for specific strings or payloads in the belief that specific known problems can be prevented; this leaves everything not on the list untouched. Imagine a firewall that allowed everything except a few special sequences of packets!
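The nine-digit field above, as an added example that is not part of the original guide: an allowlist validator that accepts only what the field is defined to hold, next to a denylist filter of the kind the text warns against, plus the output side (encoding for the destination context). The denylist entries and the sample inputs are constructed for illustration.

```python
import html
import re

# Allowlist: the field is defined as exactly nine ASCII digits, so that is all
# we accept. [0-9] rather than \d (which also matches Unicode digits), and
# fullmatch() rather than match() with $ (which tolerates a trailing newline).
SSN_PATTERN = re.compile(r"[0-9]{9}")

def is_valid_ssn(value: str) -> bool:
    """True only if value is a string of exactly nine ASCII digits."""
    return SSN_PATTERN.fullmatch(value) is not None

# Denylist (the mistake the text describes): remove a few "known bad"
# substrings and let everything else through. Constructed for illustration.
DENYLIST = ("<script", "</script", "../")

def denylist_filter(value: str) -> str:
    """Strip the listed substrings; anything not listed passes unchanged."""
    for bad in DENYLIST:
        value = value.replace(bad, "")
    return value

def encode_for_html(value: str) -> str:
    """Output side: encode for the destination context (HTML body/attribute)."""
    return html.escape(value, quote=True)

# Constructed sample inputs for the nine-digit field.
SAMPLES = [
    "123456789",       # well-formed
    "123-45-6789",     # formatted, not nine bare digits
    "12345678",        # too short
    "123456789\n",     # trailing newline
    "\u0661\u0662\u0663\u0664\u0665\u0666\u0667\u0668\u0669",  # Arabic-Indic digits
    "<b>123456789</b>",  # markup around the digits
]

def compare(samples=SAMPLES):
    """Return {input: (allowlist_accepts, denylist_passes_unchanged)}."""
    return {s: (is_valid_ssn(s), denylist_filter(s) == s) for s in samples}

if __name__ == "__main__":
    for s, (allow, deny) in compare().items():
        print(f"{s!r:48} allowlist={allow!s:5} denylist_passes={deny}")
```

Only the first sample passes the allowlist, while every sample passes the denylist unchanged: the denylist can only stop what someone already thought to list.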