As part of the software development process, ensure that data from an untrusted source does not introduce security issues in your application. Untrusted sources can include, but are not limited to, databases, files, web services, other applications, and user input. Veracode recommends that you check for these types of issues as early in the SDLC as possible, and continue checking for them throughout the life of your application.
The Veracode Research team identifies cleansing functions that, when used in the correct context, lower the risk of a security issue: they sanitize or encode untrusted data so that it is safer, or cleansed, for that use. Veracode Static Analysis recognizes these functions, so data that has passed through one of them is not flagged for the flaw category that function addresses.
Not every function is valid in every attack circumstance. For example, the encoding that protects against cross-site scripting in the text content of a form field is not sufficient inside an HTML attribute, where quote characters (and, in an unquoted attribute, whitespace and =) must also be encoded, so you might need a different function for each placement. Choose the function for the context in which the data is output, not for the attack category alone.
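The context dependency described above, shown as an added example that is not code from the original page or from Veracode. It uses only the Python standard library: html.escape supplies the encoders, and html.parser stands in for a browser's parser to check which tags and attributes the rendered fragment actually contains. The templates, encoder names and attacker inputs are constructed for illustration.

```python
"""Context-dependent output encoding for cross-site scripting (added example)."""
import html
from html.parser import HTMLParser


# --- Encoders, one per output context ------------------------------------

def encode_html_content(s: str) -> str:
    """Between tags (<p>HERE</p>): only &, < and > can start markup here,
    so escaping those three characters is sufficient."""
    return html.escape(s, quote=False)


def encode_quoted_attribute(s: str) -> str:
    """Inside a quoted attribute (value="HERE"): the quote characters must be
    escaped too, or the attacker closes the value and adds a new attribute."""
    return html.escape(s, quote=True)


def encode_unquoted_attribute(s: str) -> str:
    """Inside an unquoted attribute (value=HERE): whitespace, = and / also end
    the value, so every character that is not an ASCII letter or digit is
    written as a hex entity. This is safe in quoted attributes as well."""
    return "".join(
        c if c.isascii() and c.isalnum() else f"&#x{ord(c):x};" for c in s
    )


# --- Browser-like audit of the rendered fragment -------------------------

class _Audit(HTMLParser):
    """Records the tag names and attribute names the parser sees."""

    def __init__(self) -> None:
        super().__init__()
        self.tags: list[str] = []
        self.attr_names: list[str] = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.attr_names.extend(name for name, _ in attrs)


def audit(fragment: str) -> tuple[list[str], list[str]]:
    """Return (tag names, attribute names) found in the fragment."""
    parser = _Audit()
    parser.feed(fragment)
    parser.close()
    return parser.tags, parser.attr_names


def is_clean(fragment: str, expected_tags, expected_attrs) -> bool:
    """True if the fragment contains exactly the intended tags/attributes."""
    tags, attrs = audit(fragment)
    return tags == list(expected_tags) and attrs == list(expected_attrs)


# --- Templates that place untrusted data in each context -----------------

def render_content(encoder, untrusted: str) -> str:
    return f"<p>{encoder(untrusted)}</p>"


def render_quoted_attr(encoder, untrusted: str) -> str:
    return f'<input type="text" value="{encoder(untrusted)}">'


def render_unquoted_attr(encoder, untrusted: str) -> str:
    return f"<input type=text value={encoder(untrusted)}>"


# Constructed attacker inputs, one aimed at each context.
CONTENT_PAYLOAD = "<script>alert(1)</script>"
QUOTED_ATTR_PAYLOAD = 'x" onmouseover="alert(1)'
UNQUOTED_ATTR_PAYLOAD = "x onmouseover=alert(1)"


def demo() -> dict[str, bool]:
    """For each (context / encoder) pairing, whether the output stayed clean."""
    input_attrs = ["type", "value"]
    return {
        "content / no encoder":
            is_clean(render_content(lambda s: s, CONTENT_PAYLOAD), ["p"], []),
        "content / content encoder":
            is_clean(render_content(encode_html_content, CONTENT_PAYLOAD), ["p"], []),
        "quoted attr / content encoder":
            is_clean(render_quoted_attr(encode_html_content, QUOTED_ATTR_PAYLOAD), ["input"], input_attrs),
        "quoted attr / quoted-attr encoder":
            is_clean(render_quoted_attr(encode_quoted_attribute, QUOTED_ATTR_PAYLOAD), ["input"], input_attrs),
        "unquoted attr / quoted-attr encoder":
            is_clean(render_unquoted_attr(encode_quoted_attribute, UNQUOTED_ATTR_PAYLOAD), ["input"], input_attrs),
        "unquoted attr / unquoted-attr encoder":
            is_clean(render_unquoted_attr(encode_unquoted_attribute, UNQUOTED_ATTR_PAYLOAD), ["input"], input_attrs),
    }


if __name__ == "__main__":
    for case, clean in demo().items():
        print(f"{'OK  ' if clean else 'XSS '} {case}")
```

The content encoder stops the script tag in element text but lets the attribute payload through untouched, because it never touches quotes; the quoted-attribute encoder fixes that but still fails the moment a template omits the quotes, which is why the aggressive unquoted-attribute encoder (every non-alphanumeric as an entity) is the one to reach for when you cannot guarantee the template's quoting. Script blocks and URLs are further contexts with their own rules and are not covered here.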