Security Design Principles

If you have been following us, you know we have been posting for some months now, focusing on raising awareness and explaining the most common vulnerabilities that you can find in your applications.

Having finished with the OWASP Top 10 related to APIs, we thought it was a good idea to wrap up the section by sharing with you 8 high-level Security Design Principles that, if followed, should help mitigate most if not all of those vulnerabilities.

Taking into account the above, this story will differ from the previous ones and will focus on highlighting good practices to develop…


This section

As a reminder, we started with this section more than two months ago 🙌🏻. Our main purpose is to share, once a week, one of the top cybersecurity attacks that applications are suffering nowadays and to help by explaining how you can prevent them from happening.

It is insane that, with the 10th OWASP-related article, we have been publishing for more than 10 weeks in a row, and we just wanted to thank all of you who are reading this and have read the past ones. To all of you, thank you very much!

In each story, we go through…


This section

As a reminder, we started with this section more than two months ago 🙌🏻. Our main purpose is to share, once a week, one of the top cybersecurity attacks that applications are suffering nowadays and to help by explaining how you can prevent them from happening.

In each story, we go through ‘Brief explanation’, ‘Is my API vulnerable?’, ‘Attack scenarios’ and ‘How to prevent?’, so by the end you have a comprehensive understanding.

If you missed the previous articles, we encourage you to go have a look. We have already covered:


This section

As a reminder, we started with this section two months ago (yes! this is actually our 10th story in a row 😎). Our main purpose is to share, once a week, one of the top cybersecurity attacks that applications are suffering nowadays and to help by explaining how you can prevent them from happening.

In each story, we go through ‘Brief explanation’, ‘Is my API vulnerable?’, ‘Attack scenarios’ and ‘How to prevent?’, so by the end you have a comprehensive understanding.

If you missed the previous articles, we encourage you to go have a look. We have already covered:


This section

As a reminder, we started with this section almost two months ago. Our main purpose is to share, once a week, one of the top cybersecurity attacks that applications are suffering nowadays and to help by explaining how you can prevent them from happening.

In each story, we go through ‘Brief explanation’, ‘Is my API vulnerable?’, ‘Attack scenarios’ and ‘How to prevent?’, so by the end you have a comprehensive understanding.

If you missed the previous articles, we encourage you to go have a look. We have already covered:


This section

As a reminder, we started with this section more than a month ago. Our main purpose is to share, once a week, one of the top cybersecurity attacks that applications are suffering nowadays and to help by explaining how you can prevent them from happening.

In each story, we go through ‘Brief explanation’, ‘Is my API vulnerable?’, ‘Attack scenarios’ and ‘How to prevent?’, so by the end you have a comprehensive understanding.

If you missed the previous articles, we encourage you to go have a look. We have already covered:


This section

As a reminder, we started with this section a month ago (yes, already a month! :O). Our main purpose is to share the top cybersecurity attacks that applications are suffering nowadays and help by explaining how you can prevent them from happening.

In each story, we go through ‘Brief explanation’, ‘Is my API vulnerable?’, ‘Attack scenarios’ and ‘How to prevent?’, so by the end you have a comprehensive understanding.

If you missed the previous articles, we encourage you to go have a look. We have already covered:


This section

As a reminder, we started with this section three weeks ago. Our main purpose is to share the top cybersecurity attacks that applications are suffering nowadays and help by explaining how you can prevent them from happening.

In each story, we go through ‘Brief explanation’, ‘Is my API vulnerable?’, ‘Attack scenarios’ and ‘How to prevent?’, so by the end you have a comprehensive understanding.

If you missed the previous articles, we encourage you to go have a look. We have already covered:

API #4: Lack of Resources & Rate Limiting

Although it is not the first time we mention…


This section

As a reminder, we started with this section two weeks ago. Our main purpose is to share the top cybersecurity attacks that applications are suffering and help by explaining how you can prevent them from happening.

In each story, we go through ‘Brief explanation’, ‘Is my API vulnerable?’, ‘Attack scenarios’ and ‘How to prevent?’, so by the end you have a comprehensive understanding.

If you missed the previous articles in which we went through Broken Object Level Authorization and Broken Authentication, go have a look :)

API #3: Excessive Data Exposure

This week brings us a very important topic, one that is often left unattended…


This section

As a reminder, we started with this section last week. Here we talk about the top cybersecurity attacks that applications are suffering and how to prevent them from happening.

In each story, we go through ‘Brief explanation’, ‘Is my API vulnerable?’, ‘Attack scenarios’ and ‘How to prevent?’, so by the end you have a comprehensive understanding.

If you missed the previous article, in which we went through Broken Object Level Authorization, go have a look :)

API #2: Broken Authentication

This week it is time for ‘Broken Authentication’, one of the most important things to take into account when developing web applications, given that…

Santiago Rosenblatt

Founder & CEO at Strike.sh | Ethical Hacker | Computer Engineer | Go Getter ✌🏻 - “Embrace reality and deal with it” https://linkedin.com/in/santiagorosenblatt
