Course: Programming Foundations: Web Security

Security through obscurity

- Security through obscurity is our next core security principle. It has a nice rhyme to it. It means that it's more secure to withhold or obscure information 'cause information is valuable to an attacker. Learning new information benefits an attacker. It never benefits a defender. Therefore, the less information you give out, the better. Information should be kept on a need-to-know basis. It's similar to the principle of least privilege that we saw earlier. Give out the least amount of information necessary to complete the job.

Most Hollywood heist films have a scene where the heroes perform some reconnaissance on their target. They watch the outside of the building through binoculars. They wait patiently as key personnel come and go so they can create a schedule of their daily routine. They photograph the security guards. They make maps and note the locations of security cameras. When hackers perform reconnaissance…
