“Never trust user input” - say the wise. Sound advice, although it raises more questions than it answers. First of all, what does it mean to trust a piece of data? Why not trust it? Is user input the only piece of data you should be careful with? Can you even trust any data? These are the questions I am exploring in this post. Assumptions When data enters your system, you are likely to have various assumptions about it.

Probably the most valuable thing you need to protect is data. You may own this data, or you may just be the custodian. It might be sensitive such as PII and credentials or just metadata you collected and organized. No matter its type and content when you think about its security here is what you need to keep in mind. Data is kind of like water. Water is essential for life just as data is critical to the business.