Defense in Depth

Multiple layers of security controls

“Redundancy in security measures so that if one fails, another catches the threat.”

When to use

Architecting secure systems.

Why it matters

  • Reality Check: No single security measure is perfect. Firewalls have holes. Passwords get stolen.

Signs of Violation

  • Relying solely on the Firewall (“It’s internal, so it’s safe”).
  • Storing passwords in plain text because “the database is behind a VPN”.

Explanation

Problem

Attackers are persistent. If you have only one door, they only need to pick one lock.

Solution

  • Layer 1: Network Firewall.
  • Layer 2: WAF (Web App Firewall).
  • Layer 3: App Authentication.
  • Layer 4: App Authorization.
  • Layer 5: Database Encryption.

Real world analogy

A castle. Moat -> Outer Wall -> Inner Wall -> Guards -> Locked Keep -> Treasure Chest. If you swim the moat, you still have to climb the wall.

Pros and Cons

Pros

  • Robustness

Cons

  • Cost and Complexity

Comparison

  • Swiss Cheese Model: Failures happen when holes in the layers align. Defense in depth adds more slices of cheese.

Code example
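
The request-time layers from the Solution section as a small pipeline, contrasting the perimeter-only violation with layered checks where a failed layer is caught by the next one. This is an added example, not code from the original page; every type, function and sample name is hypothetical, and the rules are simplified placeholders for the real controls.

```typescript
type Req = { sourceIp: string; path: string; user?: string; role?: string };
type Verdict = { allowed: boolean; stoppedBy?: string };
type Layer = { name: string; permits: (r: Req) => boolean };

// Placeholder rule: only the internal 10.x range reaches the application.
const firewall: Layer = {
  name: "network-firewall",
  permits: r => r.sourceIp.indexOf("10.") === 0,
};

// Per-request layers in the order the page lists them. Database encryption
// (layer 5) protects data at rest and is not a request-time check.
const layers: Layer[] = [
  firewall,
  { name: "waf", permits: r => !/<script|'|--/i.test(r.path) },
  { name: "authentication", permits: r => r.user !== undefined },
  { name: "authorization",
    permits: r => r.path.indexOf("/admin") !== 0 || r.role === "admin" },
];

// Bad (violation): "it's internal, so it's safe". Only the perimeter decides.
function perimeterOnly(r: Req): Verdict {
  return firewall.permits(r)
    ? { allowed: true }
    : { allowed: false, stoppedBy: firewall.name };
}

// Good (adherence): every layer must permit the request on its own.
// `broken` names layers that have failed open (misconfigured or bypassed),
// i.e. the holes in the Swiss cheese slices.
function layered(r: Req, broken: string[] = []): Verdict {
  for (const layer of layers) {
    if (broken.indexOf(layer.name) !== -1) continue; // this slice has a hole
    if (!layer.permits(r)) return { allowed: false, stoppedBy: layer.name };
  }
  return { allowed: true };
}

// Constructed sample: an unauthenticated request from an internal address.
const internalAnon: Req = { sourceIp: "10.0.4.17", path: "/admin/users" };
// Constructed sample: a logged-in non-admin from the same address.
const internalUser: Req = {
  sourceIp: "10.0.4.17", path: "/admin/users", user: "alice", role: "viewer",
};
```

Passing a layer name in `broken` shows the next layer stopping the request; access is granted only when the holes in every remaining layer line up.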
