The answer is with security controls such as authentication, identity proofing, session management, and so on. It is impractical to track and tag whether a string OWASP Proactive Controls Lessons in a database was tainted or not. Instead, you build proper controls in the presentation layer, such as the browser, to escape any data provided to it.

OWASP Proactive Controls Lessons

The OWASP top 10 proactive controls

They are ordered by order of importance, with control number 1 being the most important. This document was written by developers for developers to assist those new to secure development. The OWASP Top Ten Proactive Controls 2018 is a list of security techniques that should be considered for every software development project.

As software developers author the code that makes up a web application, they need to embrace and practice a wide variety of secure coding techniques. All tiers of a web application, the user interface, the business logic, the controller, the database code and more – all need to be developed with security in mind. This can be a very difficult task and developers are often set up for failure. Most developers did not learn about secure coding or crypto in school.

OWASP Proactive Control 10 — handle all errors and exceptions

