Defense in Depth

← Back to Secure Development Practices

Layering multiple security controls so that if one fails, others still protect the system. No single security measure is sufficient. Defense in depth combines input validation, output encoding, parameterized queries, WAF, network segmentation, and monitoring.

Key Properties

• Multiple Security Layers
• Compensating Controls
• Failure Isolation

---

application-security secure-development defense-in-depth