12. Trust Management and Input Validation
There must have been a moment, at the beginning,where we could have said—no. But somehow we missed it.
—TOM STOPPARDROSENCRANTZ AND GUILDENSTERN ARE DEAD
One of the biggest problems in software security is that humans have a tendency to make poor assumptions about who and what they can trust. Even developers have this tendency. Trust isn’t something that should be extended lightly. Sound security practice dictates the assumption that everything is untrusted by default, and trust should only be extended out of necessity. That is, if there is no way to meet a set of requirements without trusting someone or something, then and only then should we extend trust. In the case of software, this means we shouldn’t ...
Get Building Secure Software: How to Avoid Security Problems the Right Way now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.