



Hidden Implementation


Classification Key : Security Pattern Space

Problem

An attacker must understand the inner workings of a system before launching an attack. How can the attacker be prevented from gathering knowledge about the inner workings of the system?

Solution

Limit communication with the client, because any communication might provide information about the internal workings of the system. Design the system so that it is impossible for an attacker to query the inner workings of the system.

Known Uses

Suppression of HTTP error messages
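
The known use above, as an added example that is not part of the original catalog entry: a WSGI middleware that keeps failure details in the server log and returns only a generic message with a reference id. The names HiddenImplementation, leaky_app and call, the sample error text and the list of stripped headers are assumptions made for illustration.

```python
import logging
import sys
import uuid
from wsgiref.util import setup_testing_defaults

log = logging.getLogger("app.errors")
REVEALING_HEADERS = {"server", "x-powered-by"}  # headers that advertise the stack

class HiddenImplementation:
    """WSGI middleware: failure details go to the server log, not the client."""
    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        def filtered_start(status, headers, exc_info=None):
            kept = [(k, v) for k, v in headers if k.lower() not in REVEALING_HEADERS]
            return start_response(status, kept, exc_info)
        try:
            # Buffer the body so errors raised while iterating are caught too.
            return list(self.app(environ, filtered_start))
        except Exception:
            ref = uuid.uuid4().hex  # lets support match a client report to the log
            log.exception("unhandled error ref=%s path=%s", ref, environ.get("PATH_INFO"))
            body = f"Internal error. Reference: {ref}\n".encode()
            headers = [("Content-Type", "text/plain"), ("Content-Length", str(len(body)))]
            # exc_info permits replacing headers the app set before it failed.
            start_response("500 Internal Server Error", headers, sys.exc_info())
            return [body]

def leaky_app(environ, start_response):
    """Constructed sample app whose failure message names internals."""
    if environ["PATH_INFO"] == "/ok":
        start_response("200 OK", [("Content-Type", "text/plain"),
                                  ("X-Powered-By", "ExampleFramework/1.2")])
        return [b"hello\n"]
    raise RuntimeError("no such table: users_v2 (/srv/app/db.py line 41)")

def call(app, path):
    """Drive a WSGI app once; returns (status, headers dict, body bytes)."""
    environ = {}
    setup_testing_defaults(environ)
    environ["PATH_INFO"] = path
    seen = {}
    def start_response(status, headers, exc_info=None):
        seen["status"], seen["headers"] = status, dict(headers)
    body = b"".join(app(environ, start_response))
    return seen["status"], seen["headers"], body

if __name__ == "__main__":
    print(call(HiddenImplementation(leaky_app), "/query"))
```

The client sees the same 500 body for every failure, while the traceback with the table name and file path is written only to the server log under the reference id.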

Related Patterns

Minefield, Account Lockout

Source

Kienzle et al. Repository

Tags

Reconnaissance, Attack Prevention


 

Last modified: May 05, 2012

Conceived and Maintained by: Munawar Hafiz