2.1 Distrust All Data
You can be attacked from every source your application exchanges data with. GET, POST, SESSION, SERVER and COOKIE data, external script, frameworks, and APIs. And, of course, the database for your application. That's why a healthy distrust of any and all data is invaluable in the security war zone.