10. Input Validation
- Always use server-side validation, as client-side (JavaScript) validation can easily be bypassed
- Use white-listed values
- Use built-in escape functions
- Validate for correct data types, like numbers
12. Input Validation (cont.)
- Don't expect the values returned from a form's select lists, radio buttons or check boxes to be the ones you specified, so always revalidate on the server.
- Example:
  <input type="radio" name="gender" value="m" />Male
  <input type="radio" name="gender" value="f" />Female
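The checks from slides 10 and 12 carried through as one server-side validator. This is an added example, not code from the slide deck: the field names, the allowed gender values (taken from the radio buttons above), the username pattern and the age range are assumptions chosen for illustration. It treats every submitted value as untrusted, so a radio-button value that was never offered on the page is rejected rather than stored.

```python
import html
import re

# Allowed values for each control, mirroring the radio buttons on the slide.
# Constructed for this example; a real form has its own whitelist.
ALLOWED_GENDER = {"m", "f"}
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{3,20}$")


class ValidationError(ValueError):
    """Raised when a submitted field fails server-side validation."""


def validate_form(fields):
    """Validate raw form fields (dict of str -> str) on the server.

    Client-side checks are ignored entirely: every rule is re-applied here,
    because the browser, or a script that bypasses it, can send any value,
    including ones never offered in a <select> or radio group.
    Returns a dict of cleaned, typed values.
    """
    cleaned = {}

    # 1. Whitelist: only values we explicitly listed are accepted.
    gender = fields.get("gender", "")
    if gender not in ALLOWED_GENDER:
        raise ValidationError(f"gender: unexpected value {gender!r}")
    cleaned["gender"] = gender

    # 2. Correct data type: age must be an integer in a sane range.
    age_raw = fields.get("age", "")
    if not age_raw.isdigit():
        raise ValidationError("age: not a number")
    age = int(age_raw)
    if not 0 < age < 130:
        raise ValidationError("age: out of range")
    cleaned["age"] = age

    # 3. Pattern whitelist for free-form text: restrict the character set.
    username = fields.get("username", "")
    if not USERNAME_RE.match(username):
        raise ValidationError("username: must be 3-20 letters, digits or _")
    cleaned["username"] = username

    # 4. Built-in escaping for anything echoed back into HTML, so a stray
    #    "<" in the comment cannot become markup when it is displayed.
    comment = fields.get("comment", "")
    if len(comment) > 500:
        raise ValidationError("comment: too long")
    cleaned["comment_html"] = html.escape(comment, quote=True)

    return cleaned


def is_valid(fields):
    """True if the submission passes every server-side check."""
    try:
        validate_form(fields)
        return True
    except ValidationError:
        return False


if __name__ == "__main__":
    # Constructed sample: a tampered submission whose radio-button value
    # is not one of the two offered on the page.
    tampered = {"gender": "admin", "age": "30", "username": "alice", "comment": "hi"}
    print(is_valid(tampered))  # False
    good = {"gender": "f", "age": "30", "username": "alice", "comment": "<b>hi</b>"}
    print(validate_form(good)["comment_html"])  # &lt;b&gt;hi&lt;/b&gt;
```

The escaping step is deliberately applied on output (the value stored for display), not on the raw input, so the original text is preserved and the escape function matches the context it is rendered in.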
42. Cross-site request forgery (XSRF) cont.
- User A visits User B's blog
- The page contains <img src='/admin/delete/post/112'/>
- User A's browser fetches that URL with User A's session, which deletes User A's post with ID 112
43. XSRF Prevention
- Use POST
- Check for the presence of some form of valid-submission token
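Both prevention points from slide 43 in one toy request handler for the delete action shown on slide 42. This is an added example, not code from the slide deck: the session layout, the `/admin/delete/post` form, the request dictionary shape and the `handle_delete_post` helper are assumptions made for illustration. The token is a random per-session secret placed in a hidden field of the site's own form; a page on another origin cannot read it, so a forged request arrives either as a GET (refused by the method check) or as a POST without the right token (refused by the token check).

```python
import hmac
import secrets


def new_session():
    """Create a server-side session carrying a fresh, unguessable CSRF token."""
    return {"user": "userA", "csrf_token": secrets.token_urlsafe(32)}


def render_delete_form(session, post_id):
    """The form the site itself serves; the token travels in a hidden field.

    A third-party page cannot read this value (same-origin policy), so an
    <img> tag or an auto-submitting form from another site cannot include it.
    """
    return (
        '<form method="POST" action="/admin/delete/post">'
        f'<input type="hidden" name="csrf_token" value="{session["csrf_token"]}">'
        f'<input type="hidden" name="post_id" value="{post_id}">'
        '<button>Delete</button></form>'
    )


def handle_delete_post(request, session):
    """Toy handler. request = {"method": str, "form": dict}; returns (status, msg)."""
    # 1. Use POST: a GET triggered by <img src=...> is refused outright.
    if request.get("method") != "POST":
        return 405, "state-changing actions require POST"

    # 2. Check for a valid submission token, compared in constant time so the
    #    comparison itself does not leak how many leading bytes matched.
    submitted = request.get("form", {}).get("csrf_token", "")
    if not submitted or not hmac.compare_digest(
        session["csrf_token"].encode(), submitted.encode()
    ):
        return 403, "missing or invalid CSRF token"

    # Only now act on the request, still validating its parameters.
    post_id = request["form"].get("post_id", "")
    if not post_id.isdigit():
        return 400, "bad post id"
    return 200, f"deleted post {int(post_id)}"


if __name__ == "__main__":
    session = new_session()
    # Constructed: the image-tag request from slide 42 arrives as a GET, no token.
    print(handle_delete_post({"method": "GET", "form": {}}, session))
    # Constructed: a forged POST from another site cannot know the token.
    print(handle_delete_post(
        {"method": "POST", "form": {"post_id": "112", "csrf_token": "guess"}}, session))
    # Legitimate submission from the site's own form.
    print(handle_delete_post(
        {"method": "POST", "form": {"post_id": "112", "csrf_token": session["csrf_token"]}},
        session))
```

Requiring POST alone is not enough, since an attacker's page can auto-submit a cross-origin POST form; the token check is what actually ties the request to a form the site served to this session.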
44. I have more important tasks, please leave me now...
45. OK, OK, just a summary
- Use common sense
- Always check user input
- No direct user input in SQL queries
- Disable error/warning messages in production
- Always try to use defensive programming techniques
- Update your scripts to the latest versions
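The summary's "no direct user input in SQL queries" point, shown as the concatenated query beside its parameterised form. This is an added example, not code from the slide deck; the table, the rows and the lookup functions are constructed for illustration, using Python's built-in sqlite3 driver. A legitimate name containing an apostrophe is enough to show the defect: in the concatenated version the quote is parsed as SQL syntax and the query breaks, while the parameterised version keeps data and query separate and simply returns the row.

```python
import sqlite3


def make_db():
    """In-memory SQLite table with a few constructed rows (inserted safely)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (name, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("o'brien", "user")],
    )
    conn.commit()
    return conn


def find_user_unsafe(conn, name):
    """The pattern the summary warns against: input pasted straight into SQL.

    Whatever characters the user sends become part of the statement text,
    so the database cannot tell data from query.
    """
    sql = f"SELECT name, role FROM users WHERE name = '{name}'"
    return conn.execute(sql).fetchall()


def find_user_safe(conn, name):
    """Parameterised query: the value is bound by the driver, never parsed as SQL."""
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()


def unsafe_lookup_fails(conn, name):
    """True if the concatenated query cannot even be parsed for this input."""
    try:
        find_user_unsafe(conn, name)
        return False
    except sqlite3.OperationalError:
        return True


if __name__ == "__main__":
    conn = make_db()
    print(find_user_safe(conn, "o'brien"))      # [("o'brien", "user")]
    print(unsafe_lookup_fails(conn, "o'brien"))  # True: the quote broke the SQL
```

Validation (slides 10 and 12) and parameterisation are complementary: the former decides which values are acceptable, the latter guarantees that whatever value gets through is treated as data by the database.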