Trust the User
Panagiotis Vagenas WordCamp Athens 2016 11
● Actually, never ever trust the user
● Make UI as simple as possible
● Document, especially options
● Try to avoid options that could have a critical security impact
● If you have to include such settings, make as clear as possible what impact each option could have on their website’s security
● Validate, sanitize & escape for all input & output, even if it’s something only admins can set or see
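An added example of the last three points, written for this page and not taken from the talk: a small WordPress options page whose only setting is validated on save, escaped on every output, and documented with its security impact where the admin toggles it. It assumes the WordPress Settings API (register_setting with a sanitize_callback, add_settings_field, esc_* helpers); the plugin, option and function names prefixed wcathens_demo are placeholders.

```php
<?php
/**
 * Plugin Name: WCAthens Demo Settings (hypothetical example, not from the talk)
 *
 * One option group, validated on save and escaped on output, even though
 * only administrators ever set or see it. All wcathens_demo_* names are
 * placeholders for this illustration.
 */

defined( 'ABSPATH' ) || exit;

const WCATHENS_DEMO_OPTION = 'wcathens_demo_options';

// Secure by default: the risky toggle is off until an admin turns it on.
function wcathens_demo_defaults() {
    return array( 'remote_feed_url' => '', 'allow_html' => 0 );
}

// sanitize_callback: runs on every save, no matter which role submitted it.
function wcathens_demo_sanitize( $input ) {
    $clean = wcathens_demo_defaults();
    $input = is_array( $input ) ? $input : array();

    // URL: only http(s) is stored; anything else is rejected with a notice.
    $raw_url = isset( $input['remote_feed_url'] ) ? trim( (string) $input['remote_feed_url'] ) : '';
    $url     = esc_url_raw( $raw_url, array( 'http', 'https' ) );
    if ( '' === $raw_url || '' !== $url ) {
        $clean['remote_feed_url'] = $url;
    } else {
        add_settings_error( WCATHENS_DEMO_OPTION, 'bad_url', __( 'Feed URL must be an http(s) URL.', 'wcathens-demo' ) );
    }

    // Checkbox: stored strictly as 0 or 1, never the raw submitted value.
    $clean['allow_html'] = empty( $input['allow_html'] ) ? 0 : 1;

    return $clean;
}

function wcathens_demo_register_settings() {
    register_setting( 'wcathens_demo_group', WCATHENS_DEMO_OPTION, array(
        'type'              => 'array',
        'sanitize_callback' => 'wcathens_demo_sanitize',
        'default'           => wcathens_demo_defaults(),
    ) );
    add_settings_section( 'wcathens_demo_main', __( 'Feed settings', 'wcathens-demo' ), '__return_null', 'wcathens-demo' );
    add_settings_field( 'remote_feed_url', __( 'Remote feed URL', 'wcathens-demo' ), 'wcathens_demo_field_url', 'wcathens-demo', 'wcathens_demo_main' );
    add_settings_field( 'allow_html', __( 'Allow HTML in feed items', 'wcathens-demo' ), 'wcathens_demo_field_allow_html', 'wcathens-demo', 'wcathens_demo_main' );
}
add_action( 'admin_init', 'wcathens_demo_register_settings' );

function wcathens_demo_field_url() {
    $opts = wp_parse_args( get_option( WCATHENS_DEMO_OPTION ), wcathens_demo_defaults() );
    // Escaped on output although an admin stored it: stored data is still untrusted.
    printf(
        '<input type="url" name="%1$s[remote_feed_url]" value="%2$s" class="regular-text" />',
        esc_attr( WCATHENS_DEMO_OPTION ),
        esc_attr( $opts['remote_feed_url'] )
    );
}

function wcathens_demo_field_allow_html() {
    $opts = wp_parse_args( get_option( WCATHENS_DEMO_OPTION ), wcathens_demo_defaults() );
    // The security impact is stated right next to the option that causes it.
    printf(
        '<label><input type="checkbox" name="%1$s[allow_html]" value="1" %2$s /> %3$s</label><p class="description">%4$s</p>',
        esc_attr( WCATHENS_DEMO_OPTION ),
        checked( 1, (int) $opts['allow_html'], false ),
        esc_html__( 'Render HTML from the remote feed', 'wcathens-demo' ),
        esc_html__( 'Security impact: markup from the remote site is shown on your pages (filtered through wp_kses_post). Leave this off unless you control that site.', 'wcathens-demo' )
    );
}

function wcathens_demo_menu() {
    add_options_page( __( 'WCAthens Demo', 'wcathens-demo' ), __( 'WCAthens Demo', 'wcathens-demo' ), 'manage_options', 'wcathens-demo', 'wcathens_demo_page' );
}
add_action( 'admin_menu', 'wcathens_demo_menu' );

function wcathens_demo_page() {
    if ( ! current_user_can( 'manage_options' ) ) {
        return;
    }
    echo '<div class="wrap"><h1>' . esc_html__( 'WCAthens Demo', 'wcathens-demo' ) . '</h1><form method="post" action="options.php">';
    settings_fields( 'wcathens_demo_group' );   // nonce + option_page fields
    do_settings_sections( 'wcathens-demo' );
    submit_button();
    echo '</form></div>';
}

// Front end: the option chooses *which* escaping function runs, never *whether* one runs.
function wcathens_demo_render_item( $title, $body ) {
    $opts = wp_parse_args( get_option( WCATHENS_DEMO_OPTION ), wcathens_demo_defaults() );
    $body = $opts['allow_html'] ? wp_kses_post( $body ) : esc_html( $body );
    return '<h3>' . esc_html( $title ) . '</h3><div>' . $body . '</div>';
}
```

The point of the last function is the one the slide makes: a setting can relax the output filter from esc_html to wp_kses_post, but no setting, admin-only or not, turns escaping off.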