13.3.1 implies that input validation is enough for security #1594
Labels
2) Awaiting response
Awaiting a response from the original poster
Will be closed if no response/opposite arguments
13.3.1 (also briefly mentioned here #1552) implies that input validation is enough to protect data.
Inputs into APIs may need validation or possibly sanitization for HTML input, or even encoding in some cases to protect against injection, or query parameterization to protect from SQL. Even valid data can sometimes cause injection! Validation is not always "the way" and sometimes it does not secure data, such as a valid email can still be a SQLi vector like jim'or'!=@manicode.com
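The point raised in the issue, as an added example that is not part of the original post or of the ASVS project: the address quoted above passes a format check yet changes the meaning of a concatenated query, while a parameterized query treats it as plain data. The validator regex, table layout and function names are assumptions made for this illustration, and the rows are constructed sample data in an in-memory SQLite database.

```python
import re
import sqlite3

# Simplified validator (assumption): the local part may use the RFC 5322
# "atext" characters plus dots, which legitimately include ' ! and =.
EMAIL_RE = re.compile(r"[A-Za-z0-9!#$%&'*+/=?^_`{|}~.-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")

PAGE_EMAIL = "jim'or'!=@manicode.com"  # value quoted in the issue


def is_valid_email(value):
    return EMAIL_RE.fullmatch(value) is not None


def make_db():
    # Constructed sample data, held in memory only.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (email TEXT PRIMARY KEY, note TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("jim", "different account"), (PAGE_EMAIL, "intended account")])
    return db


def lookup_concatenated(db, email):
    # Weak form: validation is the only control and the value becomes SQL text.
    if not is_valid_email(email):
        raise ValueError("invalid email")
    sql = "SELECT note FROM users WHERE email = '" + email + "'"
    return [row[0] for row in db.execute(sql)]


def lookup_parameterized(db, email):
    # Corrected form: same validation, but the value is bound as data.
    if not is_valid_email(email):
        raise ValueError("invalid email")
    sql = "SELECT note FROM users WHERE email = ?"
    return [row[0] for row in db.execute(sql, (email,))]


if __name__ == "__main__":
    db = make_db()
    print("passes validation:", is_valid_email(PAGE_EMAIL))
    print("concatenated     :", lookup_concatenated(db, PAGE_EMAIL))
    print("parameterized    :", lookup_parameterized(db, PAGE_EMAIL))
```

In the concatenated form the quotes inside the address end the string literal early, so the predicate becomes `email = 'jim' OR '...'` and the lookup returns a different account than the one requested.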