Strings—such as command-line arguments, environment variables, and console input—are of special concern in secure programming because they comprise most of the data exchanged between an end user and a software system. This chapter covers the security issues with strings and how you can sidestep them.
Link: informit.com