Wednesday, January 25, 2017

Dev-Sec Guideline: Build to fail securely

Guideline: Build to fail securely

Part of: Development Security Guidelines
Overview
Building a set of Guidelines for Security and Privacy

Whenever something fails, it must fail securely: in no situation may the failure lessen the (overall) security. A hostile environment (both internal and external) should always be assumed.

This guideline is not about failing safe. Failing safe means that functionality resumes when a certain control fails to operate. Failing secure is the opposite of that. An example can illustrate this better.
A firewall is a security control that can be placed, for instance, between the Internet and your internal network. When this firewall fails to operate, a couple of things can happen: either the entire internal network can access the Internet and vice versa (fail safe), or access to the Internet is shut down entirely (fail secure).
Peter Steinfeld
When developing security controls (firewall, input validation, access management, etc.), always aim for fail secure, so that when your security control is attacked, attackers won't gain more access by destroying it.
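Applied to the access management control mentioned above, here is an added example in Python (not code from the original post): the same authorization check written fail safe and fail secure. The policy backend, its PolicyUnavailable error and the dictionary-based stub are assumptions standing in for a real policy service that can go down.

```python
"""Added example: one authorization check written fail-safe versus fail-secure.

Assumption: the 'backend' dict stands in for a policy service or database
that may be unreachable; a real system would call that service here.
"""
import logging

log = logging.getLogger("authz")


class PolicyUnavailable(Exception):
    """Raised when the policy backend cannot answer (assumed error type)."""


def lookup_permission(user: str, action: str, backend: dict) -> bool:
    """Stub policy backend: raises if it is 'down', else returns the stored decision."""
    if backend.get("down"):
        raise PolicyUnavailable("policy service unreachable")
    return backend["grants"].get((user, action), False)


def is_allowed_fail_safe(user: str, action: str, backend: dict) -> bool:
    """Fail safe (fail open): a backend failure keeps the application working
    by granting access, so the control adds nothing once it is broken."""
    try:
        return lookup_permission(user, action, backend)
    except PolicyUnavailable:
        return True


def is_allowed_fail_secure(user: str, action: str, backend: dict) -> bool:
    """Fail secure: any failure of the control results in a deny.
    The only path to True is an explicit grant from a healthy backend."""
    try:
        return lookup_permission(user, action, backend)
    except Exception:  # deliberately broad: unknown failures must also deny
        log.error("authorization backend failed; denying %s:%s", user, action)
        return False


def demo() -> dict:
    """Constructed scenarios: a healthy backend and one that is down."""
    healthy = {"down": False, "grants": {("alice", "read"): True}}
    broken = {"down": True, "grants": {("alice", "read"): True}}
    return {
        "healthy_secure": is_allowed_fail_secure("alice", "read", healthy),
        "healthy_denied": is_allowed_fail_secure("mallory", "delete", healthy),
        "broken_safe": is_allowed_fail_safe("mallory", "delete", broken),
        "broken_secure": is_allowed_fail_secure("mallory", "delete", broken),
    }
```

With the backend down, the fail-safe variant grants "mallory" a delete it never had, while the fail-secure variant denies everyone until the control is working again.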

More information from OWASP about failing securely.

