Most of the security vulnerabilities come from IEF: Insecure Exposed Functions. They are functions available to the outside that should not, such as a public dropDatabase() for example.

Next comes Routing Abuse tied for second with memory corruption issues. Rust has strongly type strings, so these errors occur less in Rust. The example of HTTP headers is great: Rust does not parse the header name as strings. They are present or not instead.

The average developer is more concerned with shipping the product now and worry about fixing bugs later than how security can be designed from the start.

Not bad. The image is generated in real-time.

Parsing increases the information in the type system. A list can be of type NonEmpty, i.e. there is at least one element.

Use a data structure that makes illegal states unrepresentable.
Push the burden of proof upward as far as possible, but no further.

and awesome guidelines to follow.

So parse "data" and return the closest type instead of only validate them.

How PDFs work to arrive at this conclusion and why it is not so true.

The authors think the url does not really matter anymore because

• they are not fully displayed in some browsers
• they need to be short and memorable to get people to it

So it does not need to contain a lot of information.

An example of API testing in Cypress