
Web Application Security II

Best Practices for Secure Web Development
By Razvan Peteanu, razvan.peteanu@home.com
Rev 3.0     November 3rd, 2000

Homepage for Document: http://members.home.net/razvan.peteanu/
Local Mirror of Document: secure_webdev-3.0.pdf (211kb / pdf)

Read this document. It is one of the best documents I have read regarding web development and security. It discusses application security with the developer in mind. Here's the introductory paragraph:

The following document is intended as a guideline for developing secure web-based applications. It is not about how to configure firewalls, intrusion detection, DMZ or how to resist DDoS attacks. This is a task best addressed at system and network level. However, there is little material available today intended for developers. We have entered the dotcom age in which a web site is no longer an isolated site, but an extension of the internal business systems, yet there isn't much about how to create this extension securely.


If the guys who developed the Major League All-Star balloting had read the document, then maybe the ballot could not have been stuffed in 2000.