

bounds checking
input sanitization ⇒ prevent buffer overflows, Spectre, SQL …
- canonicalization
- range checking
- pattern checking
- all files, paths lead to resources with proper privileges
- no valid characters
- use static analysis to check things
- everything going out must be sanitized
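
An added example (not part of the original notes) showing canonicalization, pattern checking and range checking applied in that order to untrusted input. BASE_DIR, NAME_RE and the function names are assumptions made for illustration.

```python
import os
import re
import unicodedata

BASE_DIR = "/srv/app/uploads"                   # hypothetical resource root
NAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,64}")   # assumed allow-list per path component


def canonicalize_path(user_path, base=BASE_DIR):
    """Canonicalize first, then validate the canonical form, never the raw input."""
    # Fold look-alike characters (e.g. fullwidth dots) before any check runs.
    text = unicodedata.normalize("NFKC", user_path)
    if "\x00" in text:
        raise ValueError("NUL byte in path")
    root = os.path.realpath(base)
    # realpath resolves "..", duplicate separators and symlinks.
    full = os.path.realpath(os.path.join(root, text))
    # The resolved path must still sit under the resource root.
    if os.path.commonpath([full, root]) != root:
        raise ValueError("path escapes base directory")
    # Pattern check on every remaining component (allow-list, not deny-list).
    for part in os.path.relpath(full, root).split(os.sep):
        if part != "." and not NAME_RE.fullmatch(part):
            raise ValueError("path component fails pattern check")
    return full


def parse_index(raw, length):
    """Pattern check, then range check: accept only 0 <= index < length."""
    if not re.fullmatch(r"[0-9]{1,9}", raw):
        raise ValueError("index is not a plain decimal number")
    index = int(raw)
    if not 0 <= index < length:
        raise ValueError("index out of range")
    return index
```
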