Hi Tony, In addition to the two resources supplied by Jay, I'd also look at some of the info and whitepapers from the 'Open Web Application Security Project': http://www.owasp.org/index.php/Main_Page Paul