angler-fishThe Vulnerability History Project

Lesson: Defense in Depth

Is this vulnerability an example of **defense in depth**? Defense in Depth is a principle of cybersecurity that states that security mitigations need to exsist throughout the system, not just in single layers. Think of Defense in Depth like a medieval castle in England. Those castles were designed with defense in mind, adding some sort of defense at each layer. First there are hills and cliffs to scale, then a moat, multiple walls, and all types of defenses throughout. Even the final spiral staircase up to the King's bedroom will rotate in such a way that favors right-handed defenders at the top of the stairs. Defense in Depth is a useful as an argument that, hard as we tried to secure the perimeter, we must assume that attackers got through and so we must focus on securing inner layers too.


Beware of complex inputs

Don't just think about code complexity, think about *input* complexity.