Quiz Entry - updated: 2026.07.05
Explain Defense in Depth with a practical example.
Stack multiple independent security layers so that if one fails, the next still stops the attack — no single control is trusted to catch everything.
* The defense-in-depth onion — each layer an independent barrier, so an attacker must defeat all of them in turn to reach the data at the core. *
Example — Protecting a web application (5 layers):
- Network layer — Firewall blocks unused ports, only 443 open
- Reverse proxy — WAF filters common attacks (SQLi, XSS patterns)
- Application layer — Input validation rejects malicious data
- Database layer — Parameterized queries prevent SQL injection even if validation fails
- Data layer — Sensitive fields encrypted, so DB breach doesn't expose plaintext
How it works: If an attacker bypasses the WAF with an obfuscated payload, input validation might catch it. If that fails, parameterized queries prevent execution. If data is accessed, encryption protects it.
Analogy: Like a castle with walls, moat, and keep — no single layer is trusted to stop all attacks.
Go deeper:
OWASP Developer Guide — Defense in Depth — the layered-defense rationale: if one layer fails, another mitigates.
Wikipedia — Defense in depth (computing) — the layered physical / technical / administrative controls model.