New from OWASP.org (the Open Source Web Application Security Project), there is a new paper talking about the state of security on the web today and how to help your applications become more secure.

Security professionals have traditionally focused on network and operating system security. Assessment services have relied heavily on automated tools to help find holes in those layers. Today's needs are different, and different tools are needed. Despite this, the basic tennants of security design have not changed. This document is an attempt to reconcile the lessons learned in past decades with the unique challenges that the web provides.

The Guide that they have laid out here covers just about everything you can think of when designing a web app - everything from validating input from your users to some options on cryptography. This one is a good read, especially for anyone that has had trouble in the past coming up with a user authentication system or someone just starting to work on a rather large site and wanting a "checklist" to go through.

Many thanks to PHPEverywhere for the link.