Thursday, January 26, 2017

Dev-Sec Guideline: Build to not trust infrastructure

Guideline: Build to not trust infrastructure

Part of: Development Security Guidelines
Overview: Building a set of Guidelines for Security and Privacy

Do not assume that infrastructure and platforms are fully operational, and do not rely only on their security. Expect that they could go down, or degrade in capacity, performance or security, at any moment. Build for resilience.

This guideline makes developers aware that they should not lean on the infrastructure and platform for the security (or any other quality aspect) of the applications being developed.

It is possible that the infrastructure and platform supporting the application are incredibly secure, while the application itself is not. The application can be compromised despite the security of everything else. And when an application gets compromised, data usually leaks.

More information from OWASP about "Don't trust infrastructure".

