This series, and my blog, have moved! Check it out!
After writing up my secure coding guideline and finding it was over 11 pages, my editor informed me that it was inappropriate to publish as a single blog post. With compromise in mind, and in the hope that people continue reading my blog, I agreed to break the guideline up into several shorter posts. The first few posts will be in-depth discussions of several items from the guideline, followed by a final post containing the short, concise guideline itself, with links to each of the previous posts for further explanation.
Top comments (1)
Injections are really nasty vulnerabilities and every developer needs to understand what data does to their program (data processing is an illusion).
Language Security gives a more general and precise understanding of input validation, also known as parsing deterministic context-free languages 1, and context-sensitive encoding during unparsing them 2.
Could everyone who is into development or AppSec please read about LangSec and make it easier to understand for others? Whitelists are not powerful enough, and manual context-specific encoding is very complex and overlooked in most outputs of a program.
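The two claims in the comment above can be shown in a few lines. The following is an added example written for this page, not code from the original post or from the commenter; all inputs are constructed for the demonstration, and the function names (`allowlist_ok`, `recognize_json_object`, `encode_for_context`) are my own. It contrasts a character whitelist (a regular-language check, which cannot decide membership in a context-free language such as JSON) with a full recognizer, and shows that the same string needs a different encoding for each output grammar it is unparsed into.

```python
"""Added example (not part of the original post or the comment).

1. A character allowlist only constrains the alphabet; it cannot check
   structure such as balanced braces or "exactly one object", so input
   that "looks safe" must still be run through a full recognizer
   (here: the JSON parser) and only the parsed value used afterwards.
2. Output has to be encoded for the exact context it is inserted into.
   One generic escaping routine does not cover HTML text, HTML attributes,
   JavaScript string literals and URL query parameters.
"""
import html
import json
import re
import urllib.parse

# A typical "whitelist": letters, digits, braces, brackets, quotes, colon,
# comma and space. Every character of a JSON object is allowed, and so is
# every character of many non-JSON strings.
ALLOWLIST = re.compile(r'^[A-Za-z0-9{}\[\]":, ]*$')


def allowlist_ok(s: str) -> bool:
    """Regular-language filter: passes any string made of allowed characters."""
    return ALLOWLIST.fullmatch(s) is not None


def recognize_json_object(s: str):
    """Full recognizer: accept exactly one complete JSON object, else reject.

    Returns the parsed dict, or None when the input is not in the language
    (syntax error, trailing data, or a JSON value that is not an object).
    """
    try:
        value = json.loads(s)
    except ValueError:  # json.JSONDecodeError is a subclass of ValueError
        return None
    return value if isinstance(value, dict) else None


def encode_for_context(s: str, context: str) -> str:
    """Encode untrusted text for the grammar it is being unparsed into."""
    if context == "html_text":
        # Between tags only < > & matter; quotes are ordinary text here.
        return html.escape(s, quote=False)
    if context == "html_attr":
        # Inside a quoted attribute the quote character is the delimiter,
        # so it must be encoded as well.
        return html.escape(s, quote=True)
    if context == "js_string":
        # json.dumps yields a valid JavaScript string literal (quotes and
        # backslashes escaped). "</" is additionally escaped so the literal
        # cannot terminate an enclosing <script> element.
        return json.dumps(s).replace("</", "<\\/")
    if context == "url_query":
        # Percent-encode everything, including "/" and "&", so the value
        # cannot introduce a new parameter or path segment.
        return urllib.parse.quote(s, safe="")
    raise ValueError(f"unknown context: {context}")


if __name__ == "__main__":
    # Constructed inputs: both pass the allowlist, only the first is JSON.
    for candidate in ('{"a": {"b": 1}}', '{"a": 1} {"b": 2}', '{"a": {"b": 1}'):
        print(repr(candidate), "allowlist:", allowlist_ok(candidate),
              "recognizer:", recognize_json_object(candidate))

    payload = '<b>"x"</b>'
    for ctx in ("html_text", "html_attr", "js_string", "url_query"):
        print(ctx, "->", encode_for_context(payload, ctx))
```

Note that the allowlist passes the unbalanced and the doubled object just as happily as the valid one; only the recognizer tells them apart. On the output side, the HTML-text encoding would be wrong inside an attribute (quotes untouched) and useless inside a script block or URL, which is the "manual context specific encoding" problem the comment refers to.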