Guideline: Build to not trust infrastructurePart of: Development Security Guidelines
Overview: Building a set of Guidelines for Security and Privacy
This guideline is to make developers aware to not lean on the infrastructure and platform for the security (or any other qualitative aspect in that regard) of the applications that are being developed.
It is possible that the infrastructure and platform supporting the application are incredible secure, while the application itself is not. The application can be compromised, despite the security in everything else. And when applications gets compromised, data usually leaks.
More information from OWASP about a Don’t trust infrastructure.