We can get a good handle on the guard issues by following information flow from the browser to the CustomerGateway fortress to the OrderManagement fortress to the Inventory fortress, as shown in Figure 14.9. All of the guards in this system will be variants of guards that we will encounter within this sequence.
The single hardest guard issue we run into is, coincidentally, the first: validation of the HTTP request. You might ask why we're worried about validating the HTTP request. After all, this request is coming from emissary code—that is, code that was written by the same team that wrote the CustomerGateway fortress. But that is part of the problem. HTTP requests can come from anywhere.
The guard should check all input fields ...