CHAPTER 2
Security Fundamentals
Input validation
Attack surface reduction
Classifying and prioritizing threats
In this chapter, we’ll be taking an early look at two of the high-level security principles that we’ll be returning to again and again over the course of the book: input validation and attack surface reduction. If you do nothing else for your application in terms of security but these two activities (not that we recommend doing nothing else!), you’ll still be well protected against every major threat that you face today and, more than likely, every major threat you’ll face tomorrow.
We’ll also take this opportunity to introduce some popular methods of classifying threats and prioritizing them. We’ll be referring to these threat and vulnerability categories throughout the book, so getting a good grasp on these concepts and the associated lingo early on will prepare you for what’s ahead.