OWASP
- Minimize attack surface area
- Establish secure defaults
- Principle of least privilege
- Principle of defense in depth (layers)
- Fail securely
- Don’t trust services
- Separation of duties
- Avoid security by obscurity (state of being unknown/secret)
- Keep security simple
- Fix security issues correctly (fixes go together with automated tests)