Daniel Sawano

Author
since Jan 20, 2020
Recent posts by Daniel Sawano

Hi, I think there are already some really good examples in this thread, but if I were to pick one thing that I think is common, and the culprit of many security flaws, it would be input validation.

Input validation can mitigate several vulnerabilities such as XSS, Open Redirects, SSRF, and more. The vulnerabilities can be complex but input validation is, at its core, not that difficult. Sure, some validation can be very tricky to get right but a little goes a long way and a lot of times security flaws are caused by a complete absence of validation.

Our observation is that there’s a challenge for developers to remember to validate input in order to secure the code. In Secure by Design we approach this challenge by stressing the importance of business/domain validation. That is, asking the developers to make the domain logic really crisp. The end goal is still to achieve input validation but we approach it, and motivate it, from a different perspective.

It's also good to remember that, in most applications, nothing is "just a string". Input is usually expected to be "something" and that "something" can be verified via validation.
4 years ago
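The "nothing is just a string" idea from the post above, as an added example (not code from the post or from the Secure by Design book): a domain primitive for a post-login redirect target whose only constructor validates the raw input, so the open redirect named in the post cannot reach the redirect call. The length limit and allowed character set are assumptions chosen for the example.

```python
"""Domain primitive: a validated same-origin redirect target."""
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Assumed limits for this example; a real application derives them
# from its own domain rules.
MAX_LENGTH = 256
# Lexical rule: a single-slash-rooted path with an optional simple query.
PATH_PATTERN = re.compile(r"^/[A-Za-z0-9._~/\-]*(\?[A-Za-z0-9._~\-=&%]*)?$")


class InvalidRedirectTarget(ValueError):
    """Raised when raw input cannot become a RedirectTarget."""


@dataclass(frozen=True)
class RedirectTarget:
    """A relative path inside the application's own origin.

    Code that holds a RedirectTarget knows it was built by
    from_untrusted(), i.e. the value is no longer "just a string".
    """
    path: str

    @classmethod
    def from_untrusted(cls, raw: object) -> "RedirectTarget":
        if not isinstance(raw, str):
            raise InvalidRedirectTarget("not a string")
        if len(raw) > MAX_LENGTH:
            raise InvalidRedirectTarget("too long")
        # Control characters and backslashes are never valid here; some
        # browsers normalise "\" to "/", which would change the meaning.
        if any(ch < " " or ch == "\\" for ch in raw):
            raise InvalidRedirectTarget("forbidden character")
        if not PATH_PATTERN.fullmatch(raw):
            raise InvalidRedirectTarget("not a relative path")
        # Syntactic check with the URL parser: any scheme or host part
        # means the value would leave the origin (e.g. "//host/...").
        parts = urlsplit(raw)
        if parts.scheme or parts.netloc:
            raise InvalidRedirectTarget("absolute or protocol-relative URL")
        return cls(raw)


def safe_redirect_location(raw: object, fallback: str = "/") -> str:
    """Return a validated redirect path, or the fallback on bad input."""
    try:
        return RedirectTarget.from_untrusted(raw).path
    except InvalidRedirectTarget:
        return fallback
```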