Excellent security resource here: “2009 CWE/SANS Top 25 Most Dangerous Programming Errors”. Lots of apps get burned by improper input validation, SQL injection, cross-site scripting. But it’s hard enough to make stuff, much less defend against all the ways to break stuff.
Here’s an efficient way to protect yourself. Read through each of the 25 “discussion” paragraphs first, to see the most frequent ways sites are attacked and get the big picture fast. You can then drill into any particular topic if you want. Very efficiently organized.
Thanks to Brian Prince at eWeek for the tip, in “Keeping an Eye on Adobe Flash Security Means Catching Common Programming Errors”. Related recent story: IBM Rational AppScan.