Wednesday, August 22, 2012

Web Application Security Blog Series

As a consultant working with MySQL, I learned a lot about MySQL and got deep into it, but I did not often get a broad sense of the entire application ecosystem. Now that I work in-house, I can focus on the breadth, and working at Mozilla in particular, I am in contact with many, many developers working on many different applications. One Mozilla developer whom I respect greatly is James Socol, and his blog series on web application security is an excellent example of why he has earned my respect.
For those who want an overview, the articles (not all of which are written yet) cover many topics:

Basics: locking your car doors.
  Password Storage
  XSS: Cross-Site Scripting
  CSRF: Cross-Site Request Forgeries
  Injections, SQL and Otherwise
  Access Control
  Session Fixation and Hijacking
  Server Configuration
  Click-jacking and a little Phishing
  Stay Up to Date

Advanced: Some gotchas from my experience and some things you may well see.
  Mass Assignment
  Cache Poisoning
  Bots: Spam, Brute-force, and User Experience
  PCI-DSS
  CEF Logging

What browsers are doing to help.
  Content Security Policy
  X-Frame-Options
  Do Not Track
  Sandboxing

I think everyone involved in a web application should understand this series!
