+% Centralize application output
+In the same category; the application could be designed in
+such a way that all dynamic output is sanitized before outputting it to the
+user. This would create another defense{-}in{-}depth layer for handling
+attacker controlled input.
+
+% Use working frameworks
+To achieve the last two points one could use a framework verified to be secure,
+the security reviewers could then spend less time on verifying the framework and
+more on the implementation of the specific features of this application.