One of the fundamental tennets of writing secure applications is to control your inputs - many of the classic exploits against web servers and networked applications rely the way unexpected inputs are mishanded.

The IBM developerWorks site has an interesting article about how to protect your applications.

While it is somewhat Linux centric, the article is still highly relevant to Windows developers, as well as those on other platforms.

One danger area it doesn’t seem to mention is that of inserting input data directly into strings - especially relevant for SQL generation.


blog comments powered by Disqus