CRV2 FrameworkSpecIssuesASPNet

= ASP.NET Security =

Sanitize Input
Anything coming from external sources can be consider as input in a web application. Not only the user inserting data through a web form, but also dsata retrieved from a web service or database, headers sent from the browsers.

A way of defining when input is safe can be done through defining a trust boundary