Security Concepts
1. data flow diagram, tracking data flow and protecting the path using encryption - Confidentiality
2. root of trust/ chain of trust - Integrity
3. Multi-layer security - defense in depth to keep in mind before designing an APP. Supplementary protection.
4. Data Injection checks for Injection attack. Input/Output Validation/ Authentication
5. Protect the ROM Image using Chain of trust
6. Create security zone - memory / process data -- Public, private or regulated data
7. Fail safe / Server Error response from Applications.
8. Proper Non-verbose error and error response.
9. Data residency spread across different zones.
10. TOC TOU , this is time of copy and time of use.
No comments:
Post a Comment