- Don't trust user input.
- Filter input as it comes in, and accept only what you know is good, i.e. validate against an allowlist (whitelist) of known-good values rather than stripping a denylist (blacklist) of known-bad ones.
- Encode untrusted data before writing it to the HTTP response, using the encoding that matches the context it lands in (HTML element content, attribute value, URL, script).
Reference: "ASP.NET 3.5 Security" course on Pluralsight