It is really common for Web developers not to be very security-aware. And so they code for the normal case, and they don’t think about what a malicious person will do. If you have the security mindset, you are never trusting user input and you are assuming that if there is any kind of interface into your system, attempts to abuse it will be made.
2 Likes
