[SC-L] Some Interesting Topics arising from the SANS/CWE Top 25

[Johan Peeters]

> Steve I agree with you on this one.  Both input validation and output encoding
> are countermeasures to the same basic problem -- that some of the parts of
> your string of data may get treated as control structures instead of just as
> data.  For the purpose of this email I'm using a definition of "input

while I am being persuaded that you can use input validation and
output encoding interchangeably as countermeasures for *some* problems
documented here, there is another important dimension: enforcement of
business rules. In this domain, I do not see an alternative to input
validation.

kr,

Yo
-- 
Johan Peeters
http://johanpeeters.com