There’s an excellent thread going on over at stackoverflow.com about suggestions for what every programmer should know about security. Some of the more interesting highlights: Never trust user input! Validate input from all untrusted sources – use whitelists not blacklists Plan for security from the start – it’s not something you can bolt on at [...]