4 votes
Security controls and principles are important to understand and implement. Below you will find a list of security principles. Identify three of the principles you would like to discuss with your classmates and explain how the principles could be used to stop SQL injection attacks.

List of security principles:

a. Separation (of domains)

b. Isolation

c. Encapsulation

d. Least Privilege

e. Simplicity (of design)

f. Minimization (of implementation)

g. Fail Safe Defaults / Fail Secure

h. Modularity

i. Layering

j. Least Astonishment

k. Open Design

l. Usability

m. Reduce attack surfaces.

Please make sure to include references

1 Answer

0 votes

To prevent SQL injection attacks, three crucial security principles to discuss are:

  • Separation (of domains)
  • Encapsulation
  • Least Privilege

How to explain these

Separation (of domains): By segregating sensitive data from application logic, such as user inputs and SQL queries, a clear division is established. This helps prevent malicious code from accessing or altering critical databases.

Encapsulation: This principle involves bundling data and its associated methods together, restricting direct access.

Least Privilege: Implementing the principle of least privilege restricts access rights to only necessary resources.

by User GRardB (6.5k points)
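The three principles from the answer above, shown together in one added example (not part of the original question or answer), using Python's built-in `sqlite3`. The table, class and function names are hypothetical, the sample rows and input are constructed, and the SQLite authorizer callback stands in for the restricted database account a server DBMS would use.

```python
import sqlite3

TAUTOLOGY = "x' OR '1'='1"  # constructed sample input containing SQL syntax

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT);
        INSERT INTO users (name, email) VALUES
            ('alice', 'alice@example.test'), ('bob', 'bob@example.test');
    """)
    return conn

def read_only(action, arg1, arg2, db_name, source):
    # Least privilege: this connection may only SELECT and read columns.
    if action in (sqlite3.SQLITE_SELECT, sqlite3.SQLITE_READ):
        return sqlite3.SQLITE_OK
    return sqlite3.SQLITE_DENY

class UserDirectory:
    """Encapsulation: callers get lookup methods, not a raw SQL handle."""
    def __init__(self, conn):
        conn.set_authorizer(read_only)
        self._conn = conn

    def find_by_name_unsafe(self, name):
        # 'Before' form: input is spliced into the SQL text and parsed as code.
        sql = "SELECT id, name, email FROM users WHERE name = '" + name + "'"
        return self._conn.execute(sql).fetchall()

    def find_by_name(self, name):
        # Separation: fixed SQL text, input bound as a value, never parsed.
        sql = "SELECT id, name, email FROM users WHERE name = ?"
        return self._conn.execute(sql, (name,)).fetchall()

def write_is_denied(conn):
    # Even a statement that reaches the database cannot modify data.
    try:
        conn.execute("DELETE FROM users")
    except sqlite3.DatabaseError:
        return True
    return False

if __name__ == "__main__":
    directory = UserDirectory(make_db())
    print(len(directory.find_by_name_unsafe(TAUTOLOGY)))  # every row comes back
    print(directory.find_by_name(TAUTOLOGY))              # no row has that name
    print(write_is_denied(directory._conn))
```

The concatenated lookup returns every row for the constructed input, while the bound-parameter lookup treats the same string as a name that matches nothing; the authorizer limits what any query on this connection can do if the first two controls fail.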