Web Security Common Sense

Source: Internet
Author: User

A qualified PHP developer must take Web security into account. Here is a brief summary of the basic knowledge of Web security:

1. The nature of a security problem is a problem of trust

The three elements of security: confidentiality, integrity, and availability

① Confidentiality requires that the protected content not be disclosed; encryption is a common means of meeting the confidentiality requirement

② Integrity requires that the protected data is complete and has not been tampered with; digital signatures are a common means of ensuring data integrity

③ Availability requires that the protected resource can be used on demand; a DoS (denial of service) attack is an attack on availability

2. Security assessment

A security assessment is divided into four phases, each of which builds on the previous one

① Asset classification

② Threat Analysis

③ Risk Analysis

④ Confirming the solution

3. The core of the Internet is driven by user data: users generate business, and business generates data, so the core of Internet security is the problem of data security.

4. Threat Analysis: the STRIDE model (proposed by Microsoft)

5. Risk Analysis: the DREAD model (proposed by Microsoft)

6. The level of risk is determined not only by the size of the potential loss but also by the likelihood that the loss occurs

7. Security Solution Design Principles

① Secure by Default principle: this is the most basic and most important principle. It can be understood as the idea of whitelists versus blacklists: the more a system relies on whitelists, the more secure it becomes.
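As an added illustration of the whitelist idea (this code is not from the original article), the same upload-extension check is written first as a blacklist and then as a whitelist; the function names and sample file names are constructed for this example.

```php
<?php
// Added example, not part of the original article: the same file-extension
// check as a blacklist (deny what we remembered to list) and as a whitelist
// (allow only what we actually need). Function and sample names are constructed.

declare(strict_types=1);

// Blacklist: everything is allowed unless its extension appears in $denied.
// Whatever the author forgot to list (or spelled differently) slips through.
function blacklistAllows(string $filename): bool
{
    $denied = ['php', 'phtml', 'exe'];
    $ext = pathinfo($filename, PATHINFO_EXTENSION);
    return !in_array($ext, $denied, true);
}

// Whitelist: everything is denied unless its (normalised) extension is one
// of the few the application genuinely needs. Unknown input is rejected by default.
function whitelistAllows(string $filename): bool
{
    $allowed = ['jpg', 'jpeg', 'png', 'gif'];
    $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
    return $ext !== '' && in_array($ext, $allowed, true);
}

// Constructed sample inputs: one legitimate image, then names the blacklist
// author did not anticipate (different case, an unlisted variant, no extension).
$samples = ['photo.jpg', 'report.PHP', 'page.php5', 'README'];

foreach ($samples as $name) {
    printf(
        "%-12s blacklist: %-5s whitelist: %s\n",
        $name,
        blacklistAllows($name) ? 'allow' : 'deny',
        whitelistAllows($name) ? 'allow' : 'deny'
    );
}
```

Only the first sample passes the whitelist, while the blacklist lets all four through; the whitelist needs no update when a new unexpected input appears, which is the secure-by-default property the principle describes.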

② Least Privilege principle: this is another aspect of secure by default and one of the basic principles of secure design. The principle of least privilege requires that a subject be granted only the permissions it needs, never more; this effectively reduces the chance of errors in systems, networks, applications, and databases.

③ Defense in Depth principle: defense in depth is also an important guideline for security design; it means protecting a system with multiple independent layers rather than relying on a single control

④ Principle of Unpredictability: unpredictability is effective against attacks based on tampering and forgery
