Welcome to Secure By Default!
In software, Secure By Default means that the default configuration settings are the most secure settings possible, which are not necessarily the most user friendly settings. In many cases, security and user friendliness are evaluated based on both risk analysis and usability tests. This leads to the discussion of what the most secure settings actually are.
This site has the intention of providing software developers with information about security threats and the countermeasures that can be taken against those threats. The information presented to you is filtered mainly from OWASP. This blog differs in that it has been applied to a specific JSF web application which will be shared. Specific adjustments to the application are shared in the blogs making it as concrete as possible for the reader. The prior focus of this blog is on web applications build with JSF as this blog is a result of the master work. More information can be found on the about page.
The blog has two parts being
- Security threats: blog posts that explain security threats out there in detail in order for the developer to understand them
- Security countermeasures:blog posts that explain security countermeasures in detail and how to implement them assuming that the developer already understands the security threats
This blog has as intention to have a good interaction between both the threats and the countermeasures by referring to each other where possible. Next to that, some additional pages will be created in order to give the developer a good overview
Possibily this blog will be extended in the future with stand alone application security and mobile application security before handling other web application frameworks. That is if people are interested in the topic.
If you think information is incorrect or missing or you have an idea of a topic, please leave a comment or contact me at firstname.lastname@example.org
- Wikipedia: Secure by default