This document summarizes potential vulnerabilities in how different layers of a web application process data. It discusses how each layer - including hardware, operating system, browser, network, web server, framework, application and database - accepts inputs and produces outputs that could be leveraged maliciously if not properly validated. The key point is that inputs may come from sources beyond just user input, and outputs may contain sensitive information, so all data processed across layers needs to be carefully validated. Specific examples are provided of vulnerabilities the author has discovered in how various popular systems handle specific inputs or transformations at each layer.