All Input Is Ego Until Proven Otherwise

I think doing things like authorization checks and authentication checks, you know, the threat models just show you the whole end-to-end. I still believe strongly that we should be teaching developers just that one skill if nothing else: Do not trust any input into your system. That's where problems are gonna, you know,. sort of manifest themselves.

Play episode from 24:55

Transcript

The AI-powered Podcast Player

Save insights by tapping your headphones, chat with episodes, discover the best highlights - and more!

Get the app