Each project team implements data input validation differently. Some project teams may miss filtering certain illegal characters, some may not know how to encode the output correctly, and some may neglect to do path or URL canonicalization before validation. These data input/output handling issues can cause security problems. Therefore, the CTO wants the security team to help provide the appropriate security framework and also create hands-on tutorials for their staff members.
The security team proposes a security training kit that includes coding rules, the coding framework, scanning tools, and some case studies.
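The canonicalization gap mentioned above can be shown in a few lines. The following is an added example, not code from the original text: it compares a check on the raw input with one that canonicalizes first. The upload root `/srv/app/uploads`, the function names and the sample inputs are assumptions made for the illustration.

```python
import posixpath
from urllib.parse import unquote

BASE_DIR = "/srv/app/uploads"  # assumed upload root, not from the original text

def naive_is_allowed(user_path):
    """Validate the raw string only, with no canonicalization first."""
    return ".." not in user_path and not user_path.startswith("/")

def canonicalize(user_path, max_rounds=5):
    """Return the lexical canonical path of user_path under BASE_DIR."""
    decoded = user_path
    for _ in range(max_rounds):
        step = unquote(decoded)      # undo one layer of percent-encoding
        if step == decoded:
            break                    # stable: nothing left to decode
        decoded = step
    else:
        raise ValueError("too many encoding layers")
    if "\x00" in decoded:
        raise ValueError("NUL byte in path")
    decoded = decoded.replace("\\", "/")   # treat backslash as a separator
    # normpath collapses "." and ".." lexically; it does not resolve symlinks,
    # so code that touches a real filesystem should also use os.path.realpath.
    return posixpath.normpath(posixpath.join(BASE_DIR, decoded))

def is_allowed(user_path):
    """Canonicalize first, then validate the canonical form."""
    try:
        canonical = canonicalize(user_path)
    except ValueError:
        return False
    return canonical.startswith(BASE_DIR + "/")

# Constructed sample inputs for this example.
SAMPLES = [
    "reports/q1.pdf",            # ordinary relative path
    "reports/../q1.pdf",         # harmless, but rejected by the raw check
    "%2e%2e/%2e%2e/etc/passwd",  # percent-encoded, passes the raw check
    "%252e%252e/secret",         # double-encoded, passes the raw check
]

def compare(samples=SAMPLES):
    """Return (input, raw-check result, canonical-first result) per sample."""
    return [(s, naive_is_allowed(s), is_allowed(s)) for s in samples]

if __name__ == "__main__":
    for s, naive, strict in compare():
        print(f"{s!r:32} naive={naive!s:5} canonical-first={strict}")
```

The raw check fails in both directions: it accepts the encoded inputs that resolve outside the root and rejects a path that resolves safely inside it.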