# Insecure Design
This security risk describes issues whose underlying cause is either the selection of insecure control mechanisms or their complete omission.
A04:2021
# Background
# Context
This security risk describes design flaws that cause security issues: the selection of processes or workflows which are, as the name says, insecure by design. This is distinct from implementation flaws, which can occur even when a secure design is chosen.
# Problems
- An insecure design will never be secure even if implemented perfectly
# Solutions
- Experience in building systems securely
- Usage of security processes such as Microsoft SDL, BSIMM or SAMM
- Ask security experts about recommended designs
# Technology
This security risk is about understanding and selecting processes, not about selecting the correct technologies. Therefore, no framework or library can support this.