Filter Input, Escape Output

06 Feb 2005

Security is not a simple topic, but there is value in simple expressions of best practices. Like a mission statement, best practices can keep you on track while you focus on the details.

When it comes to web app security, there are two best practices I recommend above all others: filter input, and escape output.

A majority of all vulnerabilities can be traced back to a failure to filter input or escape output. Consider this the least you can do when it comes to protecting your users.
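As an added illustration that is not part of the original post, here is a small Python comment handler that applies both practices: input is checked against a filter before use, and output is escaped for the context it goes to (bound parameters for SQL, `html.escape` for HTML). The table layout, function names, and username policy are assumptions made for this example.

```python
import html
import re
import sqlite3

# Assumed policy for this example: usernames are 3-20 letters, digits or "_".
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{3,20}")

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE comments (username TEXT, body TEXT)")
    return db

def filter_username(raw):
    """Filter input: accept only values matching the allowlist, else None."""
    if isinstance(raw, str) and USERNAME_RE.fullmatch(raw):
        return raw
    return None

def filter_comment(raw, max_len=500):
    """Filter input: free text gets a length bound and no control characters."""
    if not isinstance(raw, str) or not 0 < len(raw) <= max_len:
        return None
    if any(ord(c) < 32 and c not in "\n\t" for c in raw):
        return None
    return raw

def handle_post(db, form):
    """Store a submission only if every field passes its filter."""
    username = filter_username(form.get("username"))
    comment = filter_comment(form.get("comment"))
    if username is None or comment is None:
        return False
    # Escape output bound for SQL: bound parameters keep data out of the query.
    db.execute("INSERT INTO comments VALUES (?, ?)", (username, comment))
    return True

def render_comments(db):
    """Escape output bound for HTML, at the point of output."""
    rows = db.execute("SELECT username, body FROM comments ORDER BY rowid")
    return "".join(
        f"<li><b>{html.escape(u)}</b>: {html.escape(b)}</li>" for u, b in rows
    )

if __name__ == "__main__":
    db = make_db()
    # Constructed sample submissions.
    print(handle_post(db, {"username": "alice", "comment": "it's <b>bold</b>"}))
    print(handle_post(db, {"username": "bob'; --", "comment": "hi"}))
    print(render_comments(db))
```

The comment filter lets markup characters through because free text legitimately contains them; escaping at output is what keeps them inert in the page.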

Chris Shiflett. Boulder-based founder, designer, and developer. Co-founder of Studioworks and Schoolcase, and founder of Faculty, a product studio. Writing about building things on the web since 2000.