O'Reilly logo

Building Secure Software: How to Avoid Security Problems the Right Way by Gary McGraw, John Viega

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

12. Trust Management and Input Validation

There must have been a moment, at the beginning,where we could have said—no. But somehow we missed it.

—TOM STOPPARDROSENCRANTZ AND GUILDENSTERN ARE DEAD

One of the biggest problems in software security is that humans have a tendency to make poor assumptions about who and what they can trust. Even developers have this tendency. Trust isn’t something that should be extended lightly. Sound security practice dictates the assumption that everything is untrusted by default, and trust should only be extended out of necessity. That is, if there is no way to meet a set of requirements without trusting someone or something, then and only then should we extend trust. In the case of software, this means we shouldn’t ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required