[thelist] beefing up site security

Sarah Adams mrsanders at designshift.com
Thu Sep 7 08:19:11 CDT 2006


> What if there is a bug in one of your validation routines? That is why it is
> almost impossible to be "sure" that nothing bad is getting through, because
> there are very few ways that you can be sure that your code has no bugs.

Of course you're right, but just because I can't be 100% sure doesn't
mean I shouldn't do everything I can to stop as many as possible :)

> You probably want to look at the OWASP (Open Web Application Security
> Project) Guide to get a good idea of the threats that you face, and best
> practices in mitigating them. Common threats include SQL Injection,
> Cross-Site Scripting, session hijacking etc.
> http://www.owasp.org/index.php/OWASP_Guide_Project
> 
> OWASP also has a mailing list currently hosted at www.securityfocus.com (the
> same place that BugTraq is hosted)

Those look like excellent resources - thanks!

-- 
sarah adams
web developer & programmer
portfolio: http://sarah.designshift.com
blog: http://hardedge.ca


