Identify Sensitive Data and How They Should be Handled
Data are critical to organizations and to users. One of the first tasks that systems designers must do is identify sensitive data and determine how to protect it appropriately. Many…
Data are critical to organizations and to users. One of the first tasks that systems designers must do is identify sensitive data and determine how to protect it appropriately. Many…
Cryptography is one of the most important tools for building secure systems. Through the proper use of cryptography, one can ensure the confidentiality of data, protect data from unauthorized modification,…
Software systems and components commonly make assumptions about data they operate on. It is important to explicitly ensure that such assumptions hold: Vulnerabilities frequently arise from implicit assumptions about data,…
Co-mingling data and control instructions in a single entity, especially a string, can lead to injection vulnerabilities. Lack of strict separation between data and code often leads to untrusted data…
While it is extremely important to assess a user’s identity prior to allowing them to use some systems or conduct certain actions, knowing the user’s identity may not be sufficient…
Authentication is the act of validating an entity’s identity. One goal of a secure design is to prevent an entity (user, attacker, or in general a “principal”) from gaining access…
Software systems comprising more than just a single monolithic component rely on the composition and cooperation of two or more software tiers or components to successfully accomplish their purpose. These…