Security Through Obscurity

With all of this text on how to keep an application’s source code and algorithms hidden so that attackers can’t view them, it may sound as if I’m advocating security through obscurity, or a defense based solely on the ability to hide the inner workings of the system. This is most definitely not the case; security through obscurity is a poor defense strategy that’s doomed to failure.

That being said, I want you to build your applications securely, but there’s no need to advertise potential vulnerabilities. To put it another way: security through obscurity is insufficient, but security combined with obscurity can be a good thing. If you look closely at all of the security principles and defense strategies we’ve discussed (and will ...
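The distinction above, as an added example that is not code from the book: a small request handler with two layers. The real control is a role check that applies whether or not the admin route is listed anywhere; the obscurity layer strips stack-identifying response headers and replaces exception details with an opaque reference that is logged server-side. The user table, route table, header list and the `/boom` route that simulates a failure are all constructed for this illustration.

```python
import logging
import uuid

log = logging.getLogger("app")

# Response headers that advertise the server stack. Removing them is the
# obscurity layer: it denies easy fingerprinting but fixes no vulnerability.
# (Constructed list for this example.)
FINGERPRINT_HEADERS = {"server", "x-powered-by", "x-aspnet-version", "x-runtime"}

# Hypothetical user store and route table for the example.
USERS = {"alice": {"role": "admin"}, "bob": {"role": "user"}}
PROTECTED = {"/admin/users": "admin"}  # path -> role required to reach it


def strip_fingerprint_headers(headers):
    """Drop stack-identifying headers from a list of (name, value) pairs."""
    return [(name, value) for name, value in headers
            if name.lower() not in FINGERPRINT_HEADERS]


def is_authorized(username, path):
    """The real control: an unlisted path is still checked against the user's role."""
    required = PROTECTED.get(path)
    if required is None:
        return True  # public route
    user = USERS.get(username)
    return user is not None and user["role"] == required


def generic_error(exc):
    """Log the full exception server-side; send the client only an opaque reference."""
    ref = uuid.uuid4().hex
    log.error("request %s failed: %r", ref, exc)  # details stay in the server log
    return 500, f"Internal error. Reference: {ref}"


def handle(username, path, framework_headers):
    """Return (status, headers, body) for a request with both layers applied."""
    try:
        if not is_authorized(username, path):
            status, body = 403, "Forbidden"
        elif path == "/boom":  # constructed route simulating an unexpected failure
            # A raw stack trace would hand this string to the client.
            raise RuntimeError("db password 'hunter2' rejected")
        else:
            status, body = 200, f"OK: {path}"
    except Exception as exc:  # deliberate catch-all at the application boundary
        status, body = generic_error(exc)
    headers = [("Content-Type", "text/plain")] + list(framework_headers)
    return status, strip_fingerprint_headers(headers), body


if __name__ == "__main__":
    banner = [("Server", "Apache/2.4.57"), ("X-Powered-By", "PHP/8.1")]
    print(handle("bob", "/admin/users", banner))   # 403, no fingerprint headers
    print(handle("alice", "/admin/users", banner)) # 200 for the admin role
    print(handle("bob", "/boom", banner))          # 500, body carries only a reference
```

Note that if `is_authorized` were removed, stripping the `Server` header would not stop `bob` from reaching `/admin/users` once he learned the path; that is the sense in which obscurity alone is insufficient.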
