Don't trust user input

Description
A principle is a simple rule that helps to guide security decisions in complex situations.

A user or client will not always submit the data your application expects. By building robust applications that do not trust user input by default, you ensure the application can handle unexpected data gracefully. Examples of user input include form data and client information such as user-agent strings, cookies, and the referer. Anything that is submitted in an HTTP request should be considered user input.

Phone number
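
The following is an added example, not part of the original page: a server-side check that treats a phone number form field as untrusted until it matches an allowlist pattern. The names parse_phone, InvalidInput, MAX_RAW_LEN and the 8 to 15 digit international format are assumptions made for the illustration.

```python
import re

MAX_RAW_LEN = 32                   # assumed cap on the raw field length
SEPARATORS = str.maketrans("", "", " -.()")   # formatting users commonly type
# Allowlist: '+', a non-zero digit, then 7 to 14 more ASCII digits (assumed
# policy). [0-9] is used instead of \d because \d also matches non-ASCII digits.
PHONE = re.compile(r"\+[1-9][0-9]{7,14}")

class InvalidInput(ValueError):
    """Raised when a request value fails validation."""

def parse_phone(raw):
    """Return the number as '+<digits>' or raise InvalidInput."""
    # A repeated parameter may arrive as a list; accept exactly one string.
    if not isinstance(raw, str):
        raise InvalidInput("phone must be a single string value")
    # Bound the size before doing any further work on the value.
    if len(raw) > MAX_RAW_LEN:
        raise InvalidInput("phone is too long")
    candidate = raw.translate(SEPARATORS)
    # fullmatch() must consume the whole string; match() with a trailing '$'
    # would still accept a value that ends in a newline.
    if not PHONE.fullmatch(candidate):
        raise InvalidInput("phone is not in international format")
    return candidate

# Constructed sample inputs, as they might arrive in an HTTP request.
SAMPLES = [
    "+1 (202) 555-0143",                     # well formed
    "+442079460000\n",                       # trailing newline
    "+1202555<script>",                      # markup in the field
    "+\u0661\u0662\u0660\u0662\u0665\u0665\u0665\u0660\u0661\u0664\u0663",  # non-ASCII digits
    ["+12025550143", "+12025550199"],        # parameter sent twice
    "+" + "1" * 40,                          # oversized value
]

def check_all(samples):
    """Validate each sample; None marks a rejected value."""
    results = []
    for raw in samples:
        try:
            results.append(parse_phone(raw))
        except InvalidInput:
            results.append(None)
    return results

if __name__ == "__main__":
    for raw, result in zip(SAMPLES, check_all(SAMPLES)):
        print(repr(raw), "->", result or "rejected")
```

Only the first sample is accepted; the application stores and uses the returned value rather than the raw field.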

Related Controls

 * Input Validation