by zbentley
887 days ago
> Returning 4xx on a client error isn't hard and is usually handled largely by your framework of choice.

> Your argument is a strawman

That's....super not true. Malformed requests with gibberish (or, more likely, hacker/pentest-generated) headers will cause e.g. Django to return 5xx easily. That's just the example I'm familiar with, but cursory searching indicates reports of similar failures emitted by core framework or standard middleware code for Rails, Next.js, and Spring.

If you do not validate your inputs properly, I am not sure what you are doing when you have a user-facing application of this size. Validating inputs is the lowest-hanging fruit for preventing hacking threats.