Filter Input, Escape Output

06 Feb 2005

Security is not a simple topic, but there is value in simple expressions of best practices. Like a mission statement, best practices can keep you on track while you focus on the details.

When it comes to web app security, there are two best practices I recommend above all others: filter input and escape output.

A majority of all vulnerabilities can be traced back to a failure to filter input or escape output. Consider this the least you can do when it comes to protecting your users.
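
As an added illustration (not code from the original post), the Python sketch below applies both practices to one value: it is filtered once against an allowlist when it arrives, then escaped separately for each place it is sent. The name rule, the `users` table and all function names are assumptions made for the example. The accepted input contains an apostrophe, so it passes the filter and still needs escaping on the way out.

```python
import html
import re
import sqlite3

# Assumed rule for this example: a display name is 1-40 letters, spaces,
# apostrophes or hyphens. Anything else is rejected, not "cleaned up".
NAME_RE = re.compile(r"[A-Za-z][A-Za-z '\-]{0,39}")


def filter_name(raw):
    """Filter input: return the value only if it matches the allowlist."""
    if not isinstance(raw, str) or NAME_RE.fullmatch(raw) is None:
        raise ValueError("invalid name")
    return raw


def store_name(db, name):
    """Escape output bound for SQL: a bound parameter keeps data out of the query text."""
    db.execute("INSERT INTO users (name) VALUES (?)", (name,))


def render_greeting(name):
    """Escape output bound for HTML, including quotes for the attribute context."""
    safe = html.escape(name, quote=True)
    return '<p title="{0}">Hello, {0}</p>'.format(safe)


def handle_signup(db, raw):
    """Filter once at the boundary, then escape at each output."""
    try:
        name = filter_name(raw)
    except ValueError:
        return None
    store_name(db, name)
    return render_greeting(name)


def demo():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT)")
    # Constructed sample inputs.
    ok = handle_signup(db, "Tim O'Reilly")
    bad = handle_signup(db, "<script>alert(1)</script>")
    rows = [r[0] for r in db.execute("SELECT name FROM users")]
    return ok, bad, rows


if __name__ == "__main__":
    print(demo())
```

The stored row keeps the original apostrophe while the HTML output carries it as an entity: escaping is applied per destination and the filtered value itself is never altered.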