Securing the application and runtime. Principles
- Apply defense in depth
- Use a positive security model (fail-safe defaults, minimize attack surface)
- Fail securely
- Run with least privilege
- Avoid security by obscurity (open design)
- Keep security simple (verifiable, economy of mechanism)
- Detect intrusions (compromise recording)
- Don’t trust infrastructure
- Don’t trust services
- Establish secure defaults (psychological acceptability)
- Keep information on a neeed to know basis.
- Clear secrets and prevent them from being shared or visible.
- State should be immutable.
- State changes should be declarative.
- Virtual machines should be avoided
- Runtime should protect against overflows
- Keep runtime up to date.
- Avoid unnecessary logging.
- Mask or obfuscate sensitive information in logs.
- Don’t log secrets
- Have health checks and metrics
- Perform peer reviews
- Don’t trust input
- Control and verify output