There are a number of important security principles that I’ve been taught over the past few years. These principles are fundamental to both the study of cybersecurity and the actual implementation of security systems. Here are a few of them.

Always enforce least privilege.

The idea is to give users only the privileges they need to accomplish the tasks they’ll need or want to perform. For instance, if you create a new profile on Facebook, you’re not given admin privileges to the backend of Facebook’s platform. You’re only given the basic privileges that a simple consumer of the platform would need. You have to be able to edit your own profile, but you can’t edit the profiles of others.

Always validate input data to prevent SQL injection.

SQL injection is a form of attack in which an attacker injects SQL commands into a SQL statement that the back end builds from a web form’s input. Essentially, any web application input that feeds a database lookup or inserts data into a database is vulnerable to this type of attack if it is used without validation.