Insecure Design: Shifting Left (A04:2021)

Insecure Design is a new category in the OWASP Top 10 2021. It focuses on risks related to design and architectural flaws. You cannot "code" your way out of a bad design.

Threat Modeling

Threat modeling is the practice of identifying potential threats before writing code.


Secure Design Patterns

1. Least Privilege

Ensure that every module/user has only the minimum privileges necessary to perform its function.

2. Defense in Depth

Apply layered security controls so that if one control fails, others still stand in the way of an attacker.

```yaml
# Example: Kubernetes Network Policy (Defense in Depth)
# An empty podSelector selects every pod in the namespace; listing a
# policyType with no matching rules allows nothing in that direction.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: deny-all
spec:
  podSelector: {}
  policyTypes:
  - Ingress
  - Egress   # without this line only inbound traffic is denied
```

With this default-deny policy in place, every required communication path must be allowed by an explicit NetworkPolicy, so the attack surface is reduced by design rather than by after-the-fact review. Two practical caveats: NetworkPolicy objects are only enforced by a network plugin (CNI) that supports them, and denying egress also blocks DNS unless a rule allowing traffic to the cluster's DNS service is added.
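Checking that the default-deny baseline actually exists is part of the design, not an afterthought. The following is an added example (not code from the original page) that audits parsed NetworkPolicy manifests, supplied as plain dicts, for default-deny coverage in each direction; the sample manifests, including the hypothetical `allow-web-to-db` policy, are constructed.

```python
# Added example, not from the original page: audit parsed NetworkPolicy manifests
# for default-deny coverage. Input is plain dicts (parsed YAML); samples are constructed.

def policy_types(spec: dict) -> list:
    """policyTypes with the API default: Ingress always, Egress only when an egress section exists."""
    if spec.get("policyTypes"):
        return spec["policyTypes"]
    return ["Ingress"] + (["Egress"] if "egress" in spec else [])

def is_default_deny(policy: dict, direction: str) -> bool:
    """True if the policy selects every pod (empty podSelector), lists `direction`
    ("Ingress"/"Egress") in policyTypes, and has no rules for it, so no peer is allowed."""
    spec = policy.get("spec", {})
    if spec.get("podSelector", {}) != {}:
        return False
    if direction not in policy_types(spec):
        return False
    return not spec.get(direction.lower())

def audit(policies: list) -> dict:
    """Report default-deny coverage per direction and which policies add explicit allows."""
    report = {"Ingress": False, "Egress": False, "allows": []}
    for p in policies:
        for d in ("Ingress", "Egress"):
            report[d] = report[d] or is_default_deny(p, d)
        spec = p.get("spec", {})
        if spec.get("ingress") or spec.get("egress"):
            report["allows"].append(p["metadata"]["name"])
    return report

# Constructed: an ingress-only deny-all (a common gap) plus one hypothetical explicit allow.
DENY_ALL_INGRESS = {
    "apiVersion": "networking.k8s.io/v1", "kind": "NetworkPolicy",
    "metadata": {"name": "deny-all"},
    "spec": {"podSelector": {}, "policyTypes": ["Ingress"]},
}
ALLOW_WEB_TO_DB = {  # only pods labelled app=web may reach app=db pods on TCP/5432
    "apiVersion": "networking.k8s.io/v1", "kind": "NetworkPolicy",
    "metadata": {"name": "allow-web-to-db"},
    "spec": {
        "podSelector": {"matchLabels": {"app": "db"}},
        "policyTypes": ["Ingress"],
        "ingress": [{"from": [{"podSelector": {"matchLabels": {"app": "web"}}}],
                     "ports": [{"protocol": "TCP", "port": 5432}]}],
    },
}

if __name__ == "__main__":
    print(audit([DENY_ALL_INGRESS, ALLOW_WEB_TO_DB]))  # Egress default-deny reported False
```

The audit flags that egress is not covered by the ingress-only policy, which is exactly the gap the `- Egress` line in the manifest above closes.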