
REQ.161 Define secure default options

This document contains the details of the security requirements related to the definition and management of source code in the organization. This requirement establishes the importance of defining secure default options in order to avoid unexpected behaviors in the application.


Source code must define secure default options that make the application fail securely: every try/catch (or try/except) block must handle the error path rather than swallow it, and every switch or conditional chain must have a default branch that denies or rejects.


The organization must ensure that its own systems and those of third parties are secure and fully perform the functions for which they were implemented. To achieve this, baselines must be established from the design and development phases onward to prevent bad practices in the development cycle, e.g. a conditional or switch statement without a default option, which can cause unexpected behavior in the system when an unanticipated value reaches it.

Source code is more secure when good programming practices are applied from the development stage, since they also ensure the portability and maintainability of the application. A system that is difficult to maintain will most likely contain vulnerabilities in its source code.


  1. Definition of baselines from the design/architecture stages onward, in order to guarantee that good programming practices are applied during source code development.

  2. In the development lifecycle there must be a person responsible for reviewing the product, from the source code to the system's behavior, in order to avoid unexpected behavior in the final stage of the implementation.

  3. Code quality and source code vulnerability scanners: tools that use lexical and syntactic analyzers to review the code, process it, suggest improvements and highlight possible vulnerabilities during the development stage. Using this kind of tool during development helps to improve code performance, detect excessively complex logic and report potential security issues that the developer can then validate or discard as false positives.


  1. Lead to unexpected behavior in the application, for example an unanticipated input value taking a code path the developer never intended.

  2. Leak sensitive information through unhandled errors (stack traces, internal paths, configuration details returned to the client).
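The following is an added example (not code from the original page) that shows both points above in working Node.js code: a permission check whose switch has no default branch, beside the deny-by-default version that replaces it, and a request handler whose catch block fails closed instead of echoing the error to the client. The roles, actions, in-memory ledger and all function names are hypothetical.

```javascript
'use strict';
// Added example, not code from the original page: a permission check with a
// deny-by-default switch, beside the insecure switch it replaces, and a request
// handler whose catch block fails closed instead of leaking error details.
// The roles, actions, in-memory ledger and all function names are hypothetical.

const LEVEL = { viewer: 1, editor: 2, admin: 3 };

// INSECURE: no default branch. An action the check does not know about
// ('purge' below, added to the backend later) falls out of the switch and the
// function returns undefined, which the caller reads as "no reason to deny".
function denyReasonInsecure(role, action) {
  const have = LEVEL[role];
  switch (action) {
    case 'read':
      return have >= LEVEL.viewer ? null : 'read requires viewer';
    case 'write':
      return have >= LEVEL.editor ? null : 'write requires editor';
    case 'delete':
      return have >= LEVEL.admin ? null : 'delete requires admin';
  }
}

// SECURE: unknown roles get the lowest privilege and unknown actions are
// denied by the default branch, so any gap between this check and the backend
// closes rather than opens.
function denyReason(role, action) {
  const have = LEVEL[role] ?? 0;
  switch (action) {
    case 'read':
      return have >= LEVEL.viewer ? null : 'read requires viewer';
    case 'write':
      return have >= LEVEL.editor ? null : 'write requires editor';
    case 'delete':
      return have >= LEVEL.admin ? null : 'delete requires admin';
    default:
      return `unknown action '${action}'`;
  }
}

// Backend operations on an in-memory ledger (a Map). 'purge' is the operation
// the insecure check never learned about; 'read' of a missing key throws a
// TypeError, standing in for any unexpected runtime failure.
function performAction(ledger, { action, key, value }) {
  switch (action) {
    case 'read':
      return ledger.get(key).toString();
    case 'write':
      ledger.set(key, value);
      return 'ok';
    case 'delete':
      ledger.delete(key);
      return 'ok';
    case 'purge':
      ledger.clear();
      return 'ok';
    default:
      throw new Error(`unsupported action ${action}`);
  }
}

// INSECURE handler: treats the undefined result as "allowed" and returns the
// stack trace (file paths, line numbers, internal messages) to the client.
function handleInsecure(ledger, req) {
  if (denyReasonInsecure(req.role, req.action)) {
    return { status: 403, body: 'forbidden' };
  }
  try {
    return { status: 200, body: performAction(ledger, req) };
  } catch (err) {
    return { status: 500, body: err.stack };
  }
}

// SECURE handler: every non-null reason denies, and unexpected errors are
// recorded in the server-side log while the client only sees a generic message.
function handle(ledger, req, log) {
  const reason = denyReason(req.role, req.action);
  if (reason !== null) {
    log.push(`denied ${req.role}/${req.action}: ${reason}`);
    return { status: 403, body: 'forbidden' };
  }
  try {
    return { status: 200, body: performAction(ledger, req) };
  } catch (err) {
    log.push(`internal error on ${req.action}: ${err.message}`);
    return { status: 500, body: 'internal error' };
  }
}
```

With `handleInsecure`, a request `{ role: 'viewer', action: 'purge' }` wipes the ledger because `denyReasonInsecure` returns `undefined` for the unknown action; with `handle`, the same request is refused with 403 and the reason is logged. A `read` of a missing key throws inside `performAction`; the insecure handler returns the `TypeError` stack to the caller, while the secure one returns only `internal error` and keeps the message in `log`.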


  • Layer: Application Layer

  • Asset: Source Code

  • Scope: Matureness

  • Phase: Building

  • Type of Control: Recommendation
