• Implement access control schemes Restrict access to database objects and functionality, according to the Principle of The Least Privilege (Insecure direct object references).

  • Base input validation on a whitelist. Use the most restrictive rule by default and allow special characters only by exception. This will reduce the attack surface for many vectors.

  • Use parameterised statements