Another way of thinking about security is to imagine the possible attack surface of your system. For example, in the case of a web application this includes:
As a general rule, we look at reducing the attack surface. For our example, this would mean:
We can take this analysis to the next level once we start assuming a breach in our system. For example, if we assume an attacker has already compromised the web application and can act under its identity, how can we reduce the attack surface that remains reachable from that position? The same question can be asked for each other component in turn.
Taken to its logical conclusion, this principle leads us to the Zero Trust Model, which we will discuss later.