Centralize Error Handling

by Serge Truth on December 16, 2010 at 10:00 AM

Write a class or library dedicated to error handling. Centralized error handling is easier to test and implement correctly. Handling errors is important for security, so better error handling improves security. Perform the...

Assume All Web Application Input is Malicious

by Serge Truth on December 15, 2010 at 10:02 AM

What to Do

Applications should assume that all of their input is malicious, and take action accordingly. Input should be validated and either rejected or sanitized immediately, carefully quarantined during use, and...

Centralize Input Validation

by Serge Truth on December 14, 2010 at 10:03 AM

Centralizing input validation helps ensure that data is validated in a consistent way throughout the application and provides a single point of maintenance. Perform the following steps to ensure that all input is...