
Fail Safe Defaults

The fail-safe defaults principle states that unless an entity is given explicit access to an object, it should be denied access to that object by default. Whenever an access right, privilege, or other security-related attribute is not explicitly granted, it should be denied. A design or implementation that follows the fail-safe default principle tends to fail by refusing permission. This is the safe failure mode, because a wrongly refused request is noticed quickly and can be corrected if needed. A design or implementation that grants access whenever no explicit rule is found is far more problematic: it may violate the intended authorization policy while going entirely unnoticed.

Example 1: Firewall Configuration: Any packet that is not explicitly allowed to be transmitted should be denied, and the rule set should end with an explicit deny-all rule to achieve the fail-safe default.
Example 2: Web Server File System: Construct the access control list either as a whitelist (allow everything in the list and exclude everything else) or as a blacklist (deny everything in the list and allow everything else).
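To make the difference concrete, here is an added example (not from the original article) implementing both the firewall with a final deny-all rule and the two web-server ACL styles; the rule names, paths and ports are constructed. Only the whitelist form follows the fail-safe default: a path nobody thought to list is denied, whereas the blacklist form silently allows it.

```python
# Added example (not from the original article): a small policy evaluator that
# contrasts a fail-safe (default-deny) rule set with a default-allow one.
# Rule names, paths and ports below are constructed for illustration.
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

Request = Dict[str, object]                          # e.g. {"dst_port": 443}
Rule = Tuple[str, Callable[[Request], bool], bool]   # (name, matches, allow?)

@dataclass
class Policy:
    rules: List[Rule]
    default_allow: bool   # what happens when NO rule matches

    def decide(self, request: Request) -> Tuple[bool, str]:
        """First matching rule wins; otherwise the table default applies."""
        for name, matches, allow in self.rules:
            if matches(request):
                return allow, name
        return self.default_allow, "default"

# Example 1: firewall. Only HTTPS is listed; the final catch-all deny rule
# makes the outcome independent of whatever the table default happens to be.
FIREWALL = Policy(
    rules=[
        ("allow-https", lambda r: r.get("dst_port") == 443, True),
        ("deny-all", lambda r: True, False),        # explicit fail-safe rule
    ],
    default_allow=True,   # even a risky default is never reached
)

# Example 2: web server file system, the same intent expressed both ways.
PUBLIC = {"/index.html", "/about.html"}
PRIVATE = {"/admin/", "/.htaccess"}
WHITELIST_ACL = Policy(
    rules=[("allow-public", lambda r: r["path"] in PUBLIC, True)],
    default_allow=False)   # unlisted path -> denied (fail-safe)
BLACKLIST_ACL = Policy(
    rules=[("deny-private", lambda r: r["path"] in PRIVATE, False)],
    default_allow=True)    # unlisted path -> allowed (fails open)

def compare_unlisted(path: str) -> Dict[str, bool]:
    """Show how each ACL treats a path nobody thought to list."""
    req = {"path": path}
    return {"whitelist": WHITELIST_ACL.decide(req)[0],
            "blacklist": BLACKLIST_ACL.decide(req)[0]}

if __name__ == "__main__":
    print(FIREWALL.decide({"dst_port": 22}))     # (False, 'deny-all')
    print(compare_unlisted("/notes.txt"))         # {'whitelist': False, 'blacklist': True}
```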


Permanent link to this article: http://blogs.cae.tntech.edu/secknitkit/fail-safe-defaults/