Chris Shiflett has posted more free articles today on his site, mostly from previous issues of PHP Magazine and php|architect.

I'm still trying to catch up on posting articles to my web site - there are now four more available for free:

• Security Corner: File Uploads (18 Oct 2004)
• Guru Speak: How to Avoid "Page Has Expired" Warnings (21 Oct 2004)
• Security Corner: Ideology (15 Nov 2004)
• Security Corner: Cross-Site Request Forgeries (13 Dec 2004)

If you only read one, read the article on CSRF (cross-site request forgeries). I think it is one of the most overlooked attack vectors around, and it doesn't receive the attention it deserves. If you've never heard of CSRF, I bet your applications are vulnerable.

There's tons of good information in these articles, particularly the CSRF piece - with cross-site scripting becoming so much of a problem in sites (and one of the hardest to catch), these forgeries are invetiable and it's best to be informaed before they happen...