Considerations before beginning
Before implementing a positive security model for a web application, weigh its pros and cons to determine whether it will be worthwhile to implement. The positive security model comes with distinct advantages and disadvantages, and depending on the circumstances of each web application and the environment in which it runs, implementing it may not always be the best solution. Let's take a look at some of the advantages and drawbacks of this security model.
Advantages of implementing a positive security model:
High security
Protection against new and unknown forms of attack
The web application receives as input only data it knows how to handle, as opposed to being forced to accept any input that a user or an attacker provides
The model has the ability to protect third-party web applications without modifying their source code, and to protect legacy applications that are no longer supported
If a...
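The advantages listed above, shown as an added example that is not part of the original text: a default-deny filter placed in front of an unmodified application, so that only requests matching a known profile reach it. The WSGI setting and the names `PROFILE`, `legacy_app`, `check_request`, `PositiveModelFilter` and `run` are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qsl

# Hypothetical profile (assumption): the only paths, parameters and value shapes allowed.
PROFILE = {
    "/search": {"q": re.compile(r"[A-Za-z0-9 ]{1,64}"),
                "page": re.compile(r"[0-9]{1,4}")},
    "/item": {"id": re.compile(r"[0-9]{1,10}")},
}

def legacy_app(environ, start_response):
    """Stand-in for an unmodified third-party or legacy WSGI application."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"handled " + environ["QUERY_STRING"].encode()]

def check_request(environ):
    """Return None if the request matches the profile, else the reason for denial."""
    if environ.get("REQUEST_METHOD") != "GET":
        return "method not in profile"
    params = PROFILE.get(environ.get("PATH_INFO", ""))
    if params is None:
        return "path not in profile"
    seen = set()
    for name, value in parse_qsl(environ.get("QUERY_STRING", ""), keep_blank_values=True):
        if name not in params:
            return "unknown parameter: " + name
        if name in seen:
            return "repeated parameter: " + name
        if not params[name].fullmatch(value):  # whole decoded value must fit
            return "value outside allowed pattern: " + name
        seen.add(name)
    return None

class PositiveModelFilter:
    """WSGI middleware: default deny, forward only profiled requests."""
    def __init__(self, app):
        self.app = app
    def __call__(self, environ, start_response):
        if check_request(environ) is not None:  # reason belongs in logs, not the reply
            start_response("403 Forbidden", [("Content-Type", "text/plain")])
            return [b"request rejected"]
        return self.app(environ, start_response)

def run(path, query, method="GET"):
    """Drive the filtered app with a constructed request; return (status, body)."""
    env = {"REQUEST_METHOD": method, "PATH_INFO": path, "QUERY_STRING": query}
    status = []
    body = PositiveModelFilter(legacy_app)(env, lambda s, h: status.append(s))
    return status[0], b"".join(body)
```

The filter never inspects input for known attack patterns; anything outside the profile is rejected simply because it was not expected, and `legacy_app` itself is untouched.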