Principle 9 - Assume External Sources, Systems & Networks are Insecure

Detail

Services should be designed in accordance with a threat model and attack surface analysis built on the premise that every network and system which could interact with the service, but resides outside the security perimeter of the information domain containing the service, is untrusted: it must be treated as fundamentally insecure and potentially hostile.

Decision Evaluation Criteria:

  • Has an attack surface evaluation and threat modelling exercise been performed which specifically identifies all possible attack vectors that could emanate from systems and networks external to the information domain under analysis?
  • Have all external attack vectors been analysed without any assumption that security controls are applied outside the security perimeter?
  • Are all external data sources (including user data input) checked and sanitised before being accepted into the service?
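The third criterion in practice, as an added illustration that is not part of the original principle text: a boundary check for a record arriving from an external system, where the receiving service (not the sender) fixes the accepted keys, types, allow-list patterns and numeric bounds. The record layout, field names and limits are hypothetical.

```python
import re

# Allow-lists and bounds are decided by the receiving service, never by the sender.
ALLOWED_FIELDS = {"order_id", "customer_ref", "amount_cents", "currency"}
ORDER_ID_RE = re.compile(r"[A-Z0-9]{8,16}")
CUSTOMER_REF_RE = re.compile(r"[a-z0-9-]{1,32}")
ALLOWED_CURRENCIES = {"GBP", "EUR", "USD"}
MAX_AMOUNT_CENTS = 10_000_000  # hypothetical business limit, in the smallest unit


class RejectedInput(ValueError):
    """Raised when an externally sourced record fails validation."""


def validate_external_order(record):
    """Return a cleaned copy of an order record received from an external system,
    or raise RejectedInput. Every field is treated as hostile until proven otherwise:
    exactly the expected keys, no type coercion, allow-list patterns, bounded numbers."""
    if not isinstance(record, dict):
        raise RejectedInput("record must be an object")
    extra, missing = set(record) - ALLOWED_FIELDS, ALLOWED_FIELDS - set(record)
    if extra or missing:  # reject rather than silently drop, so probing stays visible in logs
        raise RejectedInput(f"unexpected keys {sorted(map(str, extra))}, missing {sorted(missing)}")
    order_id, customer_ref = record["order_id"], record["customer_ref"]
    amount, currency = record["amount_cents"], record["currency"]
    if not isinstance(order_id, str) or not ORDER_ID_RE.fullmatch(order_id):
        raise RejectedInput("order_id malformed")
    if not isinstance(customer_ref, str) or not CUSTOMER_REF_RE.fullmatch(customer_ref):
        raise RejectedInput("customer_ref malformed")
    # bool subclasses int in Python, so True would otherwise pass as an amount of 1
    if isinstance(amount, bool) or not isinstance(amount, int):
        raise RejectedInput("amount_cents must be an integer")
    if not 0 < amount <= MAX_AMOUNT_CENTS:
        raise RejectedInput("amount_cents out of range")
    if not isinstance(currency, str) or currency not in ALLOWED_CURRENCIES:
        raise RejectedInput("currency not allowed")
    return {"order_id": order_id, "customer_ref": customer_ref,
            "amount_cents": amount, "currency": currency}


def accept_or_reject(record):
    """Boundary wrapper: (True, cleaned_record) on success, (False, reason) for logging."""
    try:
        return True, validate_external_order(record)
    except RejectedInput as exc:
        return False, str(exc)
```

Only the cleaned copy returned by the validator should reach the service's internal logic; the raw record is kept solely for logging the rejection reason.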

Basis

  • NIST 6 - Assume that external systems are insecure
  • OWASP 5 - Malicious input handling verification
  • OWASP 11 - HTTP security configuration