DEV Community

Discussion on: What are some fundamentals of security every developer should understand?

Adnan Rahić
  1. Validate input data!
  2. Seriously, validate input data.
  3. Did I mention validating input data?
andreasvirkus

The biggest security mindset shift for me was understanding that input is not something a user enters in a form element. Input is literally everything that comes to your server (since everything can be tampered with), so treat it as such!
That async request you yourself wrote so you think you can trust it? Validate that payload the same as you would a text field.
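
The point made in the comment above, as an added example that is not part of the original discussion: a server-side check in Node.js that treats the JSON body of the application's own async request as untrusted input. The field names, size limits, and the `validatePayload` helper are assumptions chosen for illustration.

```javascript
// Added example: allow-list validation of a JSON body sent by the app's own frontend.
// Field names and limits are illustrative assumptions, not from the discussion.
const SCHEMA = {
  email:    v => typeof v === 'string' && v.length <= 254 && /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(v),
  quantity: v => Number.isInteger(v) && v >= 1 && v <= 100,
  note:     v => v === undefined || (typeof v === 'string' && v.length <= 500),
};

function validatePayload(rawBody, contentType) {
  // Headers arrive from the client too, so they are checked like any other input.
  if (typeof contentType !== 'string' || !/^application\/json\b/i.test(contentType)) {
    return { ok: false, errors: ['unexpected content type'] };
  }
  if (typeof rawBody !== 'string' || rawBody.length > 4096) {
    return { ok: false, errors: ['body missing or too large'] };
  }
  let data;
  try { data = JSON.parse(rawBody); } catch { return { ok: false, errors: ['malformed JSON'] }; }
  if (data === null || typeof data !== 'object' || Array.isArray(data)) {
    return { ok: false, errors: ['body must be a JSON object'] };
  }
  const errors = [];
  // Reject fields the frontend never sends (for example "role" or "__proto__").
  for (const key of Object.keys(data)) {
    if (!Object.prototype.hasOwnProperty.call(SCHEMA, key)) errors.push(`unexpected field: ${key}`);
  }
  for (const [key, check] of Object.entries(SCHEMA)) {
    if (!check(data[key])) errors.push(`invalid field: ${key}`);
  }
  if (errors.length) return { ok: false, errors };
  // Copy only the allow-listed fields; the parsed object is never passed through as-is.
  return { ok: true, value: { email: data.email, quantity: data.quantity, note: data.note ?? '' } };
}

// Constructed sample bodies: what the frontend sends, plus tampered variants.
const SAMPLES = {
  genuine:   '{"email":"a@example.com","quantity":2}',
  extra:     '{"email":"a@example.com","quantity":2,"role":"admin"}',
  wrongType: '{"email":["a@example.com"],"quantity":"2"}',
  proto:     '{"email":"a@example.com","quantity":2,"__proto__":{"isAdmin":true}}',
};
for (const [name, body] of Object.entries(SAMPLES)) {
  console.log(name, JSON.stringify(validatePayload(body, 'application/json')));
}
```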