DEV Community

Discussion on: What are some fundamentals of security every developer should understand?

Alex Lohr • Edited
  1. Don't trust any data or code, not even your own. Handle data in its respective context. Handle code as a liability.
  2. If only one small part of your application is insecure, all of it is insecure.
  3. Most attacks are related to side channels, performance and timings, buffer overflows, off-by-one errors or a combination thereof.
  4. In order to secure your code, you must think like an attacker.