ID | Requirement |
---|---|
GP.1 | Minimize Attack Surface: Interfaces, functionality, parameters, services, and protocols |
GP.2 | Don’t Trust User Input: Data that has been received from an untrusted source (e.g. a web |
GP.3 | Defense-in-Depth: Security SHOULD be implemented based on multiple layers to |
GP.4 | Keep Security Settings Adaptable: Security parameterization SHOULD be declared where |
GP.5 | Externalize Security Functions: Security functions SHOULD be externalized (e.g. using an |
GP.6 | Keep Security Consistent: Identical security controls (e.g. one within the web frontend and another within an AJAX interface) SHOULD be implemented with the same security |
GP.7 | Use Mature Security Controls: Security relevant program code SHOULD only be |
GP.8 | Keep Security Testable: Before a new technology (protocol, framework, API, etc.) is being |
GP.9 | Use Secure Defaults: Use secure / safe defaults (e.g. in frameworks) to prevent unintentional security problems. |