Ok, I'm amazed that no one has mentioned this yet, so here goes: The Open Web Application Security Project http://www.owasp.org/index.jsp I read a whitepaper (lengthy and excellent quality) from them a couple of years ago and it changed the way I developed web applications http://sourceforge.net/project/showfiles.php?group_id=64424 (Try the "OWASPGuide2.0.1.pdf") Paul