Back to Security Pattern Catalog

Hidden Implementation

Classification Key : Security Pattern Space


An attacker must understand the inner workings of a system before launching an attack. How can the attacker be prevented from gathering knowledge about inner workings of the system?


Limit the communication with client, because any communication might provide information about the internal workings of the system. Design the system such that it is impossible for an attacker to query inner workings of the system.

Known Uses

Suppression of HTTP error messages

Related Patterns

Minefield, Account Lockout


Kienzle et. al. Repository


Reconnaissance, Attack Prevention


Last modified: May 05, 2012

Conceived and Maintained by: Munawar Hafiz