Security Patterns Repository

Patterns

all | design | requirement | architectural | implementation | procedural

(source: DSS+09)

It is possible that sensitive information stored in a reusable resource may be accessed by an unauthorized user or adversary if the sensitive information is not cleared before freeing the reusable resource. The use of this pattern ensures that sensitive information is cleared from reusable resources before the resource may be reused.

(source: KETEH01)

It is often desirable or even necessary for a Web application to rely on data stored on the client, using mechanisms such as cookies, hidden fields, or URL parameters. In all cases, the client cannot be trusted not to tamper with this data. The Client Data Storage pattern uses encryption to allow sensitive or otherwise security-critical data to be securely stored on the client.

(source: KETEH01)

It is often desirable or even necessary for a Web application to rely on data stored on the client, using mechanisms such as cookies, hidden fields, or URL parameters. In all cases, the client cannot be trusted not to tamper with this data. The Client Data Storage pattern uses encryption to allow sensitive or otherwise security-critical data to be securely stored on the client

(source: KETEH01)

Client input filters protect the application from data tampering performed on untrusted clients. Developers tend to assume that the components executing on the client system will behave as they were originally programmed. This pattern protects against subverted clients that might cause the application to behave in an unexpected and insecure fashion.

(source: BH04)

Structure a system so that an independent failure of one component will be detected quickly and so that an independent single-component failure will not cause a system failure.

(source: HHS07)

One of the concretized security problem frame for confidential data transmission considers symmetric encryption.

(source: HHS07)

Many security-critical systems are required to keep data confidential during its transmission. Confidential data transmission means restricting access to transmitted data to those who are privileged to access it.

(source: SW07)

Use the configurable authorization requirement pattern to specify that the definition of which users can do what is to be configurable (that is, can be changed dynamically).

(source: SNL05)

Using a Container Managed Security pattern, the container performs user authentication and authorization without requiring the developer to hardwire security policies in the application code. It employs declarative security that requires the developer to only define roles at a desired level of granularity through deployment descriptors.