Defense In Depth
Assume every individual control will fail at some point. Design so that the system survives any single failure: a successful XSS hits a session cookie that is HttpOnly; a leaked database has bcrypt'd passwords; a stolen …
$ prime install @security/principle-defense-in-depth
Projection
Always in _index.xml · the agent never has to ask for this.
DefenseInDepth [principle] v0.1.0
Layer independent controls so that the failure of any one does not equal compromise. Validation at the boundary, parameterisation at the database, encoding at the HTML sink, hashing at the password store, encryption at rest, encryption in transit, least-privilege at every component — each addresses a different failure mode and each is mandatory.
Assume every individual control will fail at some point. Design so that the system survives any single failure: a successful XSS hits a session cookie that is HttpOnly; a leaked database has bcrypt'd passwords; a stolen backup is encrypted; a compromised service account has narrow permissions; a successful injection runs as a low-privileged DB user that cannot drop tables.
Loaded when retrieval picks the atom as adjacent / supporting.
DefenseInDepth [principle] v0.1.0
Layer independent controls so that the failure of any one does not equal compromise. Validation at the boundary, parameterisation at the database, encoding at the HTML sink, hashing at the password store, encryption at rest, encryption in transit, least-privilege at every component — each addresses a different failure mode and each is mandatory.
Assume every individual control will fail at some point. Design so that the system survives any single failure: a successful XSS hits a session cookie that is HttpOnly; a leaked database has bcrypt'd passwords; a stolen backup is encrypted; a compromised service account has narrow permissions; a successful injection runs as a low-privileged DB user that cannot drop tables.
Applies To
- Layered controls — never rely on a single check to enforce a security property.
- Compromised-component thinking — what is the blast radius if THIS subsystem is fully attacker-controlled?
- Output encoding even after input validation; encryption at rest even with access control; MFA even with strong passwords.
- Logging and monitoring as the last layer — when prevention fails, detection bounds the damage.
Loaded when retrieval picks the atom as a focal / direct hit.
DefenseInDepth [principle] v0.1.0
Layer independent controls so that the failure of any one does not equal compromise. Validation at the boundary, parameterisation at the database, encoding at the HTML sink, hashing at the password store, encryption at rest, encryption in transit, least-privilege at every component — each addresses a different failure mode and each is mandatory.
Assume every individual control will fail at some point. Design so that the system survives any single failure: a successful XSS hits a session cookie that is HttpOnly; a leaked database has bcrypt'd passwords; a stolen backup is encrypted; a compromised service account has narrow permissions; a successful injection runs as a low-privileged DB user that cannot drop tables.
Applies To
- Layered controls — never rely on a single check to enforce a security property.
- Compromised-component thinking — what is the blast radius if THIS subsystem is fully attacker-controlled?
- Output encoding even after input validation; encryption at rest even with access control; MFA even with strong passwords.
- Logging and monitoring as the last layer — when prevention fails, detection bounds the damage.
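The layering described above, as an added worked example (not part of the atom or the prime-system project): one request path with several independent controls, then each control knocked out in turn to show the others still hold. Boundary validation can be switched off to stand in for "a control failed"; the parameterised query then treats the injection payload as a literal name. Stored HTML is encoded at the sink. SQLite's authorizer callback stands in for a low-privileged DB user, so a write that reaches the request-path connection is refused. The password column holds salted scrypt hashes (stdlib; bcrypt or argon2 would serve equally) and the session cookie carries HttpOnly. The users, bios, payloads and function names are all constructed for this demo.

```python
"""Defence in depth on one request path; every control below is
independent, and the demo shows each surviving the loss of another.
Added example: schema, users and payloads are constructed, not real."""
import hashlib
import hmac
import html
import os
import re
import sqlite3
from typing import Optional

USERNAME_RE = re.compile(r"^[a-z0-9_]{1,32}$")  # layer: validation at the boundary

# Constructed sample users: (name, plaintext password, bio as stored by the user).
USERS = [
    ("alice", "correct horse battery staple", "Likes <b>bold</b> text"),
    ("mallory", "hunter2", "<script>alert(document.cookie)</script>"),
]


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Layer: password store. Salted, memory-hard scrypt; the plaintext is never stored."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1)
    return f"{salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Constant-time comparison of a candidate against the stored salt$hash record."""
    salt_hex, digest_hex = stored.split("$", 1)
    digest = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt_hex), n=2**14, r=8, p=1)
    return hmac.compare_digest(digest.hex(), digest_hex)


def _read_only(action, *_):
    """Layer: least privilege. The request-path handle may read; every write action is denied
    (stands in for connecting as a DB role without INSERT/UPDATE/DELETE/DROP)."""
    if action in (sqlite3.SQLITE_SELECT, sqlite3.SQLITE_READ, sqlite3.SQLITE_FUNCTION):
        return sqlite3.SQLITE_OK
    return sqlite3.SQLITE_DENY


def build_db() -> sqlite3.Connection:
    """Constructed in-memory store; writes happen only during setup, before the authorizer is installed."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT PRIMARY KEY, pw TEXT NOT NULL, bio TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [(n, hash_password(p), b) for n, p, b in USERS])
    conn.commit()
    conn.set_authorizer(_read_only)
    return conn


def fetch_bio_html(conn, name: str, validate: bool = True) -> Optional[str]:
    """Request handler: boundary validation -> parameterised query -> encoding at the HTML sink.
    `validate=False` simulates the boundary check being bypassed; the later layers still hold."""
    if validate and not USERNAME_RE.match(name):
        raise ValueError("rejected at the boundary")
    row = conn.execute("SELECT bio FROM users WHERE name = ?", (name,)).fetchone()  # layer: parameterisation
    return html.escape(row[0]) if row else None  # layer: encode at the sink, whatever was stored


def try_write(conn, sql: str) -> str:
    """Any statement with write intent that reaches the read-only handle is refused by the authorizer."""
    try:
        conn.execute(sql)
        return "executed"
    except sqlite3.DatabaseError as exc:
        return f"denied: {exc}"


def session_cookie(token: str) -> str:
    """Layer: session. HttpOnly keeps the cookie out of reach of script even after a successful XSS."""
    return f"session={token}; HttpOnly; Secure; SameSite=Strict; Path=/"


if __name__ == "__main__":
    db = build_db()
    payload = "x' OR '1'='1"
    try:
        fetch_bio_html(db, payload)
    except ValueError as e:
        print("boundary held:", e)
    print("boundary bypassed, parameterisation held:", fetch_bio_html(db, payload, validate=False))
    print("stored script, sink encoding held:", fetch_bio_html(db, "mallory"))
    print("write on request-path handle:", try_write(db, "DELETE FROM users"))
    print("drop on request-path handle:", try_write(db, "DROP TABLE users"))
    stored = db.execute("SELECT pw FROM users WHERE name = 'alice'").fetchone()[0]
    print("leaked row holds hash, not password:", stored[:24] + "...",
          "verify:", verify_password("correct horse battery staple", stored))
    print(session_cookie("opaque-random-token"))
```

The order of the layers matters less than their independence: the authorizer would still refuse `DROP TABLE` if the query were built by string concatenation, and the sink encoding would still neutralise mallory's bio if the validation regex were loosened. That is the property the atom asks for: no single line of this handler is load-bearing on its own.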
Source
prime-system/examples/security-appsec/primes/compiled/@security/principle-defense-in-depth/atom.yaml