Describe concepts like defence in depth, whitelisting, risk management, assurance etc.
Whitelisting versus blacklisting
You should always define what you will accept, not what you will not accept. The latter strategy (blacklisting) cannot be exhaustive: you have to enumerate every bad input in advance, and it is easy to forget one. Whitelisting, on the other hand, specifies exactly what you accept, so anything you did not think of is rejected by default. This strategy can be found in input validation, web server hardening etc.
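As an added illustration of the input-validation case (example code, not from the original page or from the blog series cited below), the following compares a blacklist check and a whitelist check for a username field. The sample inputs, the set of "forbidden" characters and the username format are constructed assumptions; the point is that the blacklist accepts whatever its author forgot, while the whitelist rejects it by construction. It also shows a common whitelisting pitfall in Python, where `^...$` with `re.match` still accepts a trailing newline.

```python
import re

# --- Blacklist: enumerate what we refuse ---------------------------------
# Whatever the author did not list (control characters, whitespace,
# Unicode look-alikes, over-long values) is accepted by construction.
BLACKLISTED_CHARS = frozenset("'\";<>&|")   # constructed, deliberately incomplete


def blacklist_validate_username(value: str) -> bool:
    """Accept anything that contains none of the blacklisted characters."""
    return not any(ch in BLACKLISTED_CHARS for ch in value)


# --- Whitelist: define exactly what we accept ----------------------------
# Assumed format: 3 to 32 ASCII letters, digits or underscores, nothing else.
USERNAME_PATTERN = r"[A-Za-z0-9_]{3,32}"


def whitelist_validate_username(value: str) -> bool:
    """Accept only strings that match the whole pattern, start to end."""
    # fullmatch anchors at both ends of the string; compare the naive
    # variant below for why '^...$' with re.match is not enough.
    return re.fullmatch(USERNAME_PATTERN, value) is not None


def naive_whitelist_validate_username(value: str) -> bool:
    """A whitelist check with a subtle hole: in Python regexes '$' also
    matches just before a trailing newline, so 'alice\\n' is accepted."""
    return re.match(r"^" + USERNAME_PATTERN + r"$", value) is not None


# Constructed sample inputs with the verdict a reviewer would expect.
SAMPLES = {
    "alice_01": True,
    "bob's": False,               # caught by both approaches
    "eve\r\nsecond line": False,  # CR/LF were not on the blacklist
    "carol\x00": False,           # NUL byte, not on the blacklist either
    "dave\u200b": False,          # zero-width space
    "al": False,                  # too short; a blacklist has no notion of length
    "alice\n": False,             # trailing newline, the '$' pitfall
}


def misclassified(validator, samples=SAMPLES) -> list:
    """Return the sample inputs for which `validator` gives the wrong verdict."""
    return [v for v, expected in samples.items() if validator(v) != expected]


if __name__ == "__main__":
    for name, fn in [("blacklist", blacklist_validate_username),
                     ("naive whitelist", naive_whitelist_validate_username),
                     ("whitelist", whitelist_validate_username)]:
        print(f"{name:16s} wrong on: {misclassified(fn)!r}")
```

Run as a script it prints the inputs each validator gets wrong: five for the blacklist, one (`'alice\n'`) for the naive whitelist, and none for the `fullmatch` whitelist. The same design choice applies beyond usernames: describe the accepted grammar (length, character set, structure) and reject everything else, rather than maintaining a list of bad patterns.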
The Security Craftsman, an interesting and readable blog series by Erlend Oftedal on several security and injection-related practices.