Defense-in-Depth Validation Overview When you fix a bug caused by invalid data, adding validation at one place feels sufficient. But that single check can be bypassed by different code paths, refactoring, or mocks. Core principle: Validate at EVERY layer data passes through. Make the bug structurally impossible. When to Use Use when: - Invalid data caused a bug deep in the call stack - Data crosses system boundaries (API → service → storage) - Multiple code paths can reach the same vulnerable code - Tests mock intermediate layers (bypassing validation) Don't use when: - Pure internal function…