TL;DR: "An application should assume zero trust in ALL data and resources that it consumes, no matter who created them, including internal staff"
Software, in particular web-based applications, suffers from a problem with trusting data and resources.
Trusting Data
Data coming