
Unicode: The hero or villain? Input Validation of free-form Unicode text in Web Applications (2018)


The most frequent stereotype of web application input validation is that "the most difficult fields to validate are so-called free text fields", and validation becomes even more complicated when the free text contains multi-language Unicode. Unicode is indeed complicated and tricky to get right on the first try, but for application defenders it is actually a great tool for getting input validation right. This talk will clear up misconceptions about Unicode input validation, explain what Unicode normalization, canonicalization and character classes are, and show how these can be used to make your input validation bulletproof rather than cause headaches.
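As an added illustration of the approach the abstract names (normalize first, then allow-list by Unicode character class), not code from the talk or its slides, here is a validator for a free-text name field. The field policy, the function names and the sample strings in the comments are assumptions made for this example.

```python
import unicodedata

# Assumed policy for a free-text "display name" field (not from the talk):
# letters, combining marks, decimal digits and space separators, plus a few
# punctuation characters that are listed explicitly.
ALLOWED_CATEGORIES = {"Lu", "Ll", "Lt", "Lm", "Lo", "Mn", "Mc", "Nd", "Zs"}
ALLOWED_PUNCTUATION = set("-'.,")
MAX_LENGTH = 64


def validate_free_text(raw: str) -> str:
    """Return the canonical form of raw, or raise ValueError."""
    # 1. Canonicalize before any check, so validation and storage see the
    #    same representation. NFKC composes base + combining mark pairs and
    #    folds compatibility forms (fullwidth letters, ligatures), so a
    #    fullwidth "<" (U+FF1C) becomes a plain "<" and is judged as such.
    text = unicodedata.normalize("NFKC", raw).strip()

    # 2. Check length after normalization: NFKC can shrink or expand input.
    if not 0 < len(text) <= MAX_LENGTH:
        raise ValueError("length out of range")

    # 3. Allow-list by general category. Control (Cc) and format (Cf)
    #    characters such as U+202E RIGHT-TO-LEFT OVERRIDE or U+200B
    #    ZERO WIDTH SPACE fall outside the list, as do symbols (Sm, Sc, ...).
    for ch in text:
        if ch in ALLOWED_PUNCTUATION:
            continue
        category = unicodedata.category(ch)
        if category not in ALLOWED_CATEGORIES:
            raise ValueError(f"U+{ord(ch):04X} ({category}) not allowed")
    return text


def is_valid(raw: str) -> bool:
    """Convenience wrapper: True if raw passes validate_free_text."""
    try:
        validate_free_text(raw)
        return True
    except ValueError:
        return False

# Constructed samples: "Jose\u0301" (decomposed accent) is accepted and
# returned in composed form; "admin\u202Egpj" is rejected.
```

Store and compare the returned value rather than the raw input, so later lookups and uniqueness checks operate on the same canonical form that was validated.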

OWASP AppSec 2018

Slides https://www.slideshare.net/kravietz/unicode-the-hero-or-villain

Also available on LBRY https://lbry.tv/@DevSecOps:c3379b3b3606df5f0ec1558cc61199aba5d7312e

Support at https://liberapay.com/webcookies

This version was re-uploaded to fix a hiccup due to a broken MP4 published previously.
