Use the principle of deny by default

Use the principle of deny by default

Summary

The system should set minimal or no permissions for new users/roles and users/roles should not receive access to new features until it is explicitly granted.

Description

Systems should have a set of roles with different levels of privilege to access resources. The privileges of each role must be clearly defined and the role of each user should also be clearly stated. Furthermore, permissions and access should be granted using the principle of deny by default.

Supported In

This requirement is verified in following services

Plan Supported
Essential 🔴
Advanced 🟢

References

Vulnerabilities

Free trial message
Free trial
Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.