Security vulnerabilities in software are almost always a result of malicious user input. The solution then, of course, is to securely sanitize all user data to avoid any issues. But, in a large application, there are numerous places this sanitation can happen. To name a few, the data can be validated when it first arrives or it can be encoded when it is exported back to the user or sent to a backend service such as a database.

In this session, I will cover the best places to sanitize user data to avoid security issues and the advantages and disadvantages to each approach in your code.