

Ask HN: Preventing SQL injection/XSS in web apps - singer

Before releasing a new web app, what are the top security-related items you check in order to prevent SQL injection, XSS, etc.?
======
ntoshev
To prevent SQL injection, use bound SQL variables instead of embedding user
input in SQL queries. You will also gain performance.

To prevent XSRF attacks, check the Referer header before you take action.
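As an added illustration of the two checks in this reply (example code, not from the post or its author), the snippet below contrasts a string-spliced query with a bound-variable query against an in-memory sqlite3 table of constructed sample rows, and adds a minimal Referer check; the function names, the sample data and the `app.example.com` host are assumptions.

```python
import sqlite3
from typing import Optional
from urllib.parse import urlsplit


def make_db() -> sqlite3.Connection:
    # Constructed sample data (hypothetical users table, not from the thread).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users (name, email) VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com")],
    )
    return conn


def find_user_unsafe(conn: sqlite3.Connection, name: str) -> list:
    # Vulnerable: user input is spliced into the SQL text, so a quote in the
    # input changes the query's structure instead of being matched as data.
    return conn.execute(f"SELECT name FROM users WHERE name = '{name}'").fetchall()


def find_user_safe(conn: sqlite3.Connection, name: str) -> list:
    # Hardened: the '?' placeholder binds the value separately from the SQL
    # text; the driver never reinterprets the input as SQL, and a prepared
    # statement can be reused, which is the performance gain mentioned above.
    return conn.execute("SELECT name FROM users WHERE name = ?", (name,)).fetchall()


def same_origin_referer(referer: Optional[str], allowed_host: str) -> bool:
    # Minimal XSRF check from the reply: only accept a state-changing request
    # whose Referer names our own host. A missing header fails closed, which
    # also rejects clients that strip Referer for privacy; a per-session
    # anti-forgery token is the usual complement to this check.
    if not referer:
        return False
    return urlsplit(referer).hostname == allowed_host


if __name__ == "__main__":
    db = make_db()
    probe = "' OR '1'='1"          # classic quote-breaking input
    print("unsafe:", find_user_unsafe(db, probe))   # returns every row
    print("safe:  ", find_user_safe(db, probe))     # returns nothing: no such name
    print("referer ok:", same_origin_referer("https://app.example.com/form", "app.example.com"))
```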

------
noodle
If you're obtaining input from a user, sanitize and validate it. For
everything.

