Software Engineering, Project Management, and Effectiveness
If you use a principle-based approach, you can get rid of classes of security issues. SQL injection, cross-site scripting and other flavors of input injection attacks are possible because of some bad practices. Here's a few of the bad practices:
The key to input and data validation is to use a principle-based approach. Here's some of the core princpiples and practices:
If you use principle-based approach, you don't have to chase every new threat or attack or its variation. Here's a few resources that help get you started:
Nice blog posting -- I just published a blog posting (first of 3 part series) on input validation at http://www.buildingsecurecode.com/2007/04/26/approaches-to-input-validation/.
Impacta LLC (http://www.impactalabs.com)
"Risk management solutions working for you"