Employing OWASP resources
- The Open Web Application Security Project (OWASP) top ten
- Remediating identified vulnerabilities
Securing database and application interaction
- Uncovering and preventing SQL injection
- Defending against an insecure direct object reference
Managing session authentication
- Protecting against session ID hijacking
- Blocking cross-site request forgery
Controlling information leakage
- Displaying sanitized error messages to the user
- Handling request and page faults
Performing input validation
- Establishing trust boundaries
- Removing the threat of Cross-Site Scripting (XSS)
- Exposing the dangers of client-side validation
- Implementing robust server-side input validation with regular expressions