DEV Community

Tanya Janca
Tanya Janca

Posted on • Edited on

4 3

Pushing Left, Like a Boss — Part 5.10 — Untrusted Data

#programming #tutorial #beginners #security

This series, and my blog, have moved! Check it out!

Trust data from…. No one. Not the database, not APIs, not even your mom.

Sydney, Australia, at #MSIginiteTheTour — I’m the tiny dot at the front

Me at #MicrosoftIgniteTheTour in Sydney, Australia. I'm the tiny dot.

Any data sent to your application needs to be treated as untrusted, and thus validated before it is used or saved. When I say this, I mean ALL DATA. Whoever saved the data to that database may have made an error while validating that input. The API you are calling may have been compromised. Even a highly intelligent user, such as my mother (degrees in both chemistry and mathematics, an accounting designation, and several certifications, including adult education - She's very bright.), could make a simple error when using an application, such as entering a single quote instead of a double quote, which could potentially send your application into an error state, causing a crash or worse.

Read the rest on my NEW blog!!

profile
Sentry
 Promoted

Sentry image

Hands-on debugging session: instrument, monitor, and fix

Join Lazar for a hands-on session where you’ll build it, break it, debug it, and fix it. You’ll set up Sentry, track errors, use Session Replay and Tracing, and leverage some good ol’ AI to find and fix issues fast.

RSVP here →

Top comments (0)

profile
Pieces.app
 Promoted

The Most Contextual AI Development Assistant

Pieces.app image

Our centralized storage agent works on-device, unifying various developer tools to proactively capture and enrich useful materials, streamline collaboration, and solve complex problems through a contextual understanding of your unique workflow.

👥 Ideal for solo developers, teams, and cross-company projects

Learn more

Read next

haimzlato profile image

Hacking the Python Import System and Rewriting the AST For Durable Execution

haimzlato -

marufpfc profile image

What Can In-Browser JavaScript Do and What Are Its Limitations?

Md. Maruf Sarker -

adzhydra profile image

Azure Functions (dotnet): The Right Way to Work with Queue Storage

Adam -

dpc profile image

Daily JavaScript Challenge #JS-79: Find the Majority Element in an Array

DPC -