Security is not a simple topic, but there is value in simple expressions of best practices. Like a mission statement, best practices can keep you on track while you focus on the details.

When it comes to web app security, there are two best practices I recommend above all others:

• Filter input
• Escape output

A majority of all vulnerabilities can be traced back to a failure to filter input or escape output. Consider this the least you can do when it comes to protecting your users.