Security Framework
A robust security framework for generic input validation based on policies to curate data for downstream consumption and decrease development effort.
Worked On
Backend, Policy Framework
Tech Stack
Ruby+Rails
Date
November, 2019
Challenge
To avoid dirty data and memory bloat in services, and to curate the data so that analytics pipelines and the insights derived from them can be trusted.
Solution
Implemented a generic framework from scratch in Ruby, used as a middleware that avoids security vulnerabilities and permits only scoped data into the system.
To avoid buffer overflows, Cross-Site Scripting (XSS), Unvalidated Input vulnerability, SQL injection and dirty data, I came up with a generic security framework for all Ruby-based microservices.
It was designed as a generic regex-based, multi-level nested input validation system, which gives complete control over the data that is ingested into the system. Developers had to specify a regex policy for the incoming requests' params, and the framework acted as a middleware, scrutinizing the input before forwarding it to the API controller. This completely avoided dirty data from getting ingested, which resulted in better analytics and reporting downstream.
This gave huge confidence in the data, amped up the security aspects and boosted developer productivity. This was critically acclaimed and immediately adopted by the data ingestion team, which is responsible for all types of data creation in the platform.
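The nested regex-policy check described above, as an added example that is not the framework's own code. `ParamPolicy`, `PolicyMiddleware`, the `example.params` env key and the sample policy are assumptions made for illustration.

```ruby
# Added example; ParamPolicy, PolicyMiddleware and the "example.params" env key
# are hypothetical names. Params use string keys; every policy key is required.
module ParamPolicy
  # Returns dotted paths of every violation; an empty list means "accept".
  def self.violations(params, policy, path = [])
    return [path.join(".")] unless params.is_a?(Hash)
    # Keys the policy does not name are rejected, so only scoped data passes.
    errors = (params.keys - policy.keys).map { |k| (path + [k]).join(".") }
    policy.each { |key, rule| errors.concat(check(params[key], rule, path + [key])) }
    errors
  end

  def self.check(value, rule, path)
    here = [path.join(".")]
    case rule
    when Hash then violations(value, rule, path)
    when Array # every element must satisfy the single rule in the array
      return here unless value.is_a?(Array)
      value.each_with_index.flat_map { |v, i| check(v, rule.first, path + [i]) }
    when Regexp then value.is_a?(String) && rule.match?(value) ? [] : here
    else here
    end
  end
end

# Rack-style middleware: the controller only runs when the policy is satisfied.
class PolicyMiddleware
  def initialize(app, policy)
    @app = app
    @policy = policy
  end

  def call(env)
    bad = ParamPolicy.violations(env.fetch("example.params", {}), @policy)
    return @app.call(env) if bad.empty?
    [422, { "content-type" => "text/plain" }, ["rejected: #{bad.join(', ')}"]]
  end
end

# Constructed policy. \A and \z anchor the whole string; ^ and $ anchor a line
# in Ruby, so "Alice\n<script>" would pass /^[A-Za-z ]+$/. The bounded
# quantifiers also cap field length.
POLICY = {
  "user" => {
    "name"  => /\A[A-Za-z ]{1,40}\z/,
    "email" => /\A[^@\s]{1,64}@[a-z0-9.-]{1,255}\z/i,
    "tags"  => [/\A[a-z0-9_]{1,20}\z/]
  }
}.freeze
```

In a Rails service the params would come from the parsed request rather than a custom env key, and the policy would be looked up per route.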