This repository was archived by the owner on Feb 15, 2020. It is now read-only.
Open
Description
In order for 18F developers to have a practical understanding of what defensive programming is and the threats of untrusted user data, there should be a section in the security guide about it.
It should:
- Include information on understanding threats posed by untrusted, user-provided data
- Include either a link to information about output encoding, or written information
- The guidance should include practical examples and information on how a team can actually continue this practice on a real team, including tools to use.
- The link should be reviewed by the 18F security lead