Ask HN: Preventing SQL injection/XSS in web apps

1 points by singer ↗ HN
Before releasing a new web app, what are the top security-related items you check in order to prevent SQL injection, XSS, etc.?

2 comments

[ 3.9 ms ] story [ 17.8 ms ] thread
To prevent SQL injection, use bound SQL variables instead of embedding user input in SQL queries. You will also gain performance.

To prevent xsrf attacks, check referer header before you take action.

if you're obtaining input from a user, sanitize and validate it. for everything.