
What is the recommended way to not code like this?

I always take care to not trust raw user input, and add rate limiting and request size limits. I'm sure there is more I can be doing, but this is not my area of expertise.




- Never trust any kind of input without validation.

- Assume that the caller might not be a browser, so don't assume anything regarding workflows between calls.

- Keep up to date with OWASP, https://owasp.org/
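As an added illustration of the advice above (example code written for this page, not posted by anyone in the thread), here is a framework-agnostic Python handler that applies allow-list validation to every field, caps the request body size, rate-limits per client, and decides the workflow step from server-recorded state rather than from anything the client sends; the order schema, the limits and the in-memory stores are constructed for the example, and `now` is passed in by the caller where a real handler would use `time.time()`.

```python
import json
from collections import defaultdict, deque

MAX_BODY_BYTES = 4096           # request size limit (constructed value)
RATE_LIMIT = (5, 60.0)          # at most 5 requests per 60 s per client (constructed)
_requests = defaultdict(deque)  # client_id -> timestamps of recent requests
_server_state = {}              # order_id -> workflow step recorded by the server

def mark_reviewed(order_id):
    _server_state[order_id] = "reviewed"  # server-side step; a client flag cannot fake it

def allowed_by_rate_limit(client_id, now):
    """Sliding-window counter: False once the client has filled the window."""
    limit, window = RATE_LIMIT
    recent = _requests[client_id]
    while recent and now - recent[0] > window:
        recent.popleft()
    if len(recent) >= limit:
        return False
    recent.append(now)
    return True

def validate_order(payload):  # allow-list: exactly the known fields, type- and range-checked
    if not isinstance(payload, dict) or set(payload) != {"order_id", "qty"}:
        return None
    order_id, qty = payload["order_id"], payload["qty"]
    if not (isinstance(order_id, str) and 1 <= len(order_id) <= 32 and order_id.isalnum()):
        return None
    if isinstance(qty, bool) or not (isinstance(qty, int) and 1 <= qty <= 100):
        return None
    return {"order_id": order_id, "qty": qty}

def handle_confirm(client_id, raw_body, now):
    """Returns (status, message) like an HTTP handler; cheapest checks run first."""
    if len(raw_body) > MAX_BODY_BYTES:
        return 413, "payload too large"
    if not allowed_by_rate_limit(client_id, now):
        return 429, "rate limited"
    try:
        payload = json.loads(raw_body)
    except ValueError:
        return 400, "malformed JSON"
    order = validate_order(payload)
    if order is None:
        return 400, "invalid fields"
    # Workflow step comes from server state only; a client-sent "reviewed": true was rejected above.
    if _server_state.get(order["order_id"]) != "reviewed":
        return 409, "order not reviewed"
    _server_state[order["order_id"]] = "confirmed"
    return 200, "confirmed"
```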



