Application security engineer and advocate.
Maintainer of the CheatSheet Series project and the OWASP Testing Guide found on GitHub.
Oct 15, 2019 • 11 tweets • 2 min read
As part of #CyberSecurityAwarenessMonth, what are Security Design Principles that you know of? In a couple of hours I will proceed to describe the most important ones in a tweet each. Would love to see what you know about them!
1. Minimize Attack Surface:
Your surface should be closed by design. Open ports based on need, not because it's nicer to have multiple ports open. This is production, not testing.
Remove assets that were removed. Keep a checklist (QA - sign off for validation).
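One way to turn the "open ports based on need" checklist into a repeatable check (an added example, not part of the original thread): compare a host's listening TCP sockets against an approved-port list. The sample `ss -tlnpH` output, the `APPROVED` entries and the function names are constructed for illustration.

```python
# Added example: audit listening TCP ports against an approved checklist.
# SAMPLE_SS_OUTPUT is constructed; on a real host, feed in `ss -tlnpH` output.
SAMPLE_SS_OUTPUT = """\
LISTEN 0 128  0.0.0.0:22     0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 511  0.0.0.0:443    0.0.0.0:* users:(("nginx",pid=1040,fd=6))
LISTEN 0 128  127.0.0.1:5432 0.0.0.0:* users:(("postgres",pid=977,fd=5))
LISTEN 0 4096 0.0.0.0:9229   0.0.0.0:* users:(("node",pid=2210,fd=18))
LISTEN 0 128  [::]:22        [::]:*    users:(("sshd",pid=812,fd=4))
"""

# Hypothetical checklist: port -> documented need signed off by QA.
APPROVED = {22: "admin SSH", 443: "public HTTPS", 8443: "old admin UI"}


def is_loopback(addr):
    """Loopback-only listeners are not reachable from the network."""
    return addr.startswith("127.") or addr == "[::1]"


def parse_listeners(ss_output):
    """Return (address, port, process) for each LISTEN line."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        if port.isdigit():
            process = fields[5] if len(fields) > 5 else ""
            listeners.append((addr, int(port), process))
    return listeners


def audit(listeners, approved):
    """Flag exposed ports with no documented need, and checklist
    entries whose service is gone (candidates for removal)."""
    exposed = {port for addr, port, _ in listeners if not is_loopback(addr)}
    return {
        "unapproved": sorted(exposed - set(approved)),
        "stale": sorted(set(approved) - exposed),
    }


if __name__ == "__main__":
    result = audit(parse_listeners(SAMPLE_SS_OUTPUT), APPROVED)
    print("Open without sign-off:", result["unapproved"])
    print("Approved but no longer listening:", result["stale"])
```
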