OWASP security principles

Minimize attack surface area

An attack surface refers to all the potential vulnerabilities that a threat actor could exploit, like attack vectors, which are pathways attackers use to penetrate security defenses.

Principles of least privilege

Making sure that users have the least amount of access required to perform their everyday tasks.

Defense in depth

Means that an organization should have multiple security controls that address risks and threats in different ways.

Separation of duties

Can be used to prevent individuals from carrying out fraudulent or illegal activities.

Keep security simple

When implementing security controls, unnecessarily complicated solutions should be avoided because they can become unmanageable.

Fix security issues correctly

When a security incident occurs, security professionals are expected to identify the root cause quickly.

Open, Web, Applications, Security, and Project

What does OWASP stand for?

OWASP

What are the security principles