: Security Pattern Space
An attacker must understand the inner workings of a system before launching an attack.
How can the attacker be prevented from gathering knowledge about the inner workings of the system?
Limit communication with the client, because any communication might provide information about the internal workings of the system. Design the system such that it is impossible for an attacker to query the inner workings of the system.
Suppression of HTTP error messages
Minefield, Account Lockout
Kienzle et al. Repository
Reconnaissance, Attack Prevention
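The known use listed above, suppression of HTTP error messages, sketched as WSGI middleware that keeps failure detail in the server log and returns only an opaque reference to the client. This is an added example, not part of the original catalog entry; `quiet_errors`, `leaky_app`, `call` and the `HIDDEN_HEADERS` set are hypothetical names, and the sample application and its error text are constructed.

```python
import logging
import sys
import uuid

log = logging.getLogger("app.errors")
HIDDEN_HEADERS = {"server", "x-powered-by"}  # assumed set of version-revealing headers

def quiet_errors(app):
    """Hypothetical middleware: generic 500 for the client, full detail in the log."""
    def wrapper(environ, start_response):
        def filtered_start(status, headers, exc_info=None):
            # Drop headers that disclose the software stack.
            kept = [(k, v) for k, v in headers if k.lower() not in HIDDEN_HEADERS]
            return start_response(status, kept, exc_info)
        try:
            # list() forces body generation so late failures are caught too.
            return list(app(environ, filtered_start))
        except Exception:
            ref = uuid.uuid4().hex
            # The traceback and message stay server-side, keyed by the reference.
            log.exception("unhandled error ref=%s path=%s", ref, environ.get("PATH_INFO"))
            body = b"Request failed. Reference: " + ref.encode()
            start_response("500 Internal Server Error",
                           [("Content-Type", "text/plain"),
                            ("Content-Length", str(len(body)))],
                           sys.exc_info())
            return [body]
    return wrapper

def leaky_app(environ, start_response):
    """Constructed sample application that would expose internals when it fails."""
    if environ["PATH_INFO"] == "/ok":
        start_response("200 OK", [("Content-Type", "text/plain"),
                                  ("Server", "ExampleServer/1.2.3"),
                                  ("X-Powered-By", "ExampleFramework 4.5")])
        return [b"hello"]
    raise RuntimeError("SELECT * FROM users_v2 failed at /srv/app/db.py:88")

def call(app, path):
    """Minimal in-process WSGI client: returns (status, headers, body)."""
    seen = {}
    def start_response(status, headers, exc_info=None):
        seen["status"], seen["headers"] = status, dict(headers)
    body = b"".join(app({"PATH_INFO": path, "REQUEST_METHOD": "GET"}, start_response))
    return seen["status"], seen["headers"], body

if __name__ == "__main__":
    print(call(quiet_errors(leaky_app), "/boom"))
```

The reference in the response body lets an operator find the matching log entry without the client learning table names, file paths or stack frames.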
Last modified: May 05, 2012
and Maintained by: Munawar Hafiz