While coding, if there is only one thing you can do to get most ROI from securing you application point view its…
If you look closely at most of the CVEs, things almost always boils down to someone not spending enough time to validate input from untrusted sources.
Don’t be that developer.
Rule of thumb: Validate at the point of entry for:
* Size may not apply for most cases but others surely does.
Despite the fact that frameworks take care of security claims, remember nobody has the context of your code do it right the way you can.