Sometimes the easiest way to find vulnerabilities is to look at what has happened in the past. By examining common vulnerabilities that have appeared in other applications, we can learn from previous mistakes.
The Open Web Application Security Project (OWASP) is an open community dedicated to enabling organizations to develop, purchase, and maintain applications that can be trusted.
OWASP has tools, documents, forums, and local chapters all dedicated to the advancement of web application security. All the resources are free and open to anyone interested in improving application security.
OWASP advocates approaching application security as a people, process, and technology problem because the most effective approaches to application security include improvements in all these areas.
If you have not been there, check out the OWASP web site at http://www.owasp.org.
OWASP compiled a list of the top 10 vulnerabilities that plague web applications. This list is quickly becoming the de facto list of application vulnerabilities in security circles, and so here it is:
Information from web requests is not validated before being used by a web application. Attackers can use these flaws to attack backend components through a web application.
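As an added illustration of this item (example code written for this page, not taken from OWASP or any product), the following shows a request value reaching a backend query unvalidated, next to the same lookup done with an allowlist check and a parameterized statement. The in-memory SQLite table and the `find_order_*` names are constructed for the example.

```python
import re
import sqlite3


def build_db():
    """Constructed in-memory backend standing in for the real database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, owner TEXT, total REAL)")
    conn.executemany(
        "INSERT INTO orders VALUES (?, ?, ?)",
        [(1, "alice", 19.99), (2, "bob", 250.00), (3, "alice", 7.50)],
    )
    return conn


# Allowlist: an order id is a plain positive integer of at most ten digits.
ORDER_ID_RE = re.compile(r"[1-9][0-9]{0,9}")


def validate_order_id(raw):
    """Return the order id as int, or raise ValueError when the request value
    is not exactly the shape the application expects."""
    if not isinstance(raw, str) or ORDER_ID_RE.fullmatch(raw) is None:
        raise ValueError("order id must be a positive integer")
    return int(raw)


def find_order_unsafe(conn, raw_id):
    # Vulnerable form: the request value is spliced straight into the SQL text,
    # so whatever the client sends becomes part of the backend command.
    sql = f"SELECT id, owner, total FROM orders WHERE id = {raw_id}"
    return conn.execute(sql).fetchall()


def find_order_safe(conn, raw_id):
    # Hardened form: validate first, then pass the value as a bound parameter
    # so the backend never interprets it as SQL.
    order_id = validate_order_id(raw_id)
    sql = "SELECT id, owner, total FROM orders WHERE id = ?"
    return conn.execute(sql, (order_id,)).fetchall()


def safe_rejects(raw_id):
    """True when the hardened path refuses the request value."""
    try:
        find_order_safe(build_db(), raw_id)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    db = build_db()
    print("unsafe, crafted input:", find_order_unsafe(db, "2 OR 1=1"))  # every row
    print("safe, valid input:   ", find_order_safe(db, "2"))            # one row
    print("safe rejects crafted:", safe_rejects("2 OR 1=1"))            # True
```

The validator is deliberately an allowlist (what is expected) rather than a denylist (what is known to be bad); combined with parameter binding it means the backend only ever sees a typed integer, regardless of what the request carried.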
Restrictions on what authenticated users are allowed to do are not properly enforced. Attackers can exploit these flaws to access other users' ...
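To make the access-control item concrete, here is an added example (not OWASP's code) of a document lookup that authenticates the caller but never checks that the caller may see the requested record, beside a version that enforces ownership (or an explicit role) on every access and records denials for the audit trail. The `Session` type, the `DOCUMENTS` store and the `auditor` role are constructed for the example.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Session:
    """Authenticated caller, as the application would hold it after login."""
    user: str
    roles: frozenset = field(default_factory=frozenset)


# Constructed sample store; a real application would query a database.
DOCUMENTS = {
    101: {"owner": "alice", "body": "alice's tax return"},
    102: {"owner": "bob", "body": "bob's medical record"},
}

# Denied requests are appended here so they can be reviewed or alerted on.
AUDIT_LOG = []


class Forbidden(Exception):
    pass


def get_document_broken(session, doc_id):
    # Broken access control: the caller is logged in, but nothing checks
    # that this particular record belongs to them, so any authenticated
    # user who supplies another id reads another user's data.
    return DOCUMENTS[doc_id]["body"]


def is_authorized(session, doc):
    """Ownership or an explicit role grants access; everything else is denied."""
    return doc["owner"] == session.user or "auditor" in session.roles


def get_document(session, doc_id):
    doc = DOCUMENTS.get(doc_id)
    # Deny by default, and give the same answer for "does not exist" and
    # "not yours" so the response does not reveal which ids are in use.
    if doc is None or not is_authorized(session, doc):
        AUDIT_LOG.append({"user": session.user, "doc_id": doc_id, "result": "denied"})
        raise Forbidden(f"user {session.user!r} may not read document {doc_id}")
    return doc["body"]


def is_forbidden(session, doc_id):
    """True when the enforced path refuses the request."""
    try:
        get_document(session, doc_id)
    except Forbidden:
        return True
    return False


if __name__ == "__main__":
    bob = Session("bob")
    print("broken:", get_document_broken(bob, 101))       # bob reads alice's record
    print("enforced denies bob:", is_forbidden(bob, 101))  # True
    print("enforced, own record:", get_document(bob, 102))
    print("audit entries:", AUDIT_LOG)
```

The point is that authentication (who is calling) and authorization (what this caller may do to this object) are separate checks; the second has to run on every request that names a resource, server side, rather than being assumed from the fact that the link was not shown in the UI.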