The ColdFusion Developer’s Journal has published the Top 10 Web Security Tips. Although this is written using ColdFusion references, the concepts are applicable to PHP, Asp, etc. For serious web application programmers this is a must read!
- Have an Error Handler
- Prevent Cross-Site Scripting
- Remove Dangerous Characters
- Prevent Fake Form Submits
- Stop Unauthorized Data Mining
- Validate Parameters and Prevent SQL Injection Attacks
- Use Server-Side Validation to Back Up Client-Side Validation
- Harden Your Logon Code
- Prevent Timeout Client/Session Backdoors
- Avoid Trojan Horse Uploads