Common security problems in the code of dynamic web applications
Most software security holes in web applications fall into just two categories: failure to deal with metacharacters, and authorization problems caused by placing too much trust in input. This article gives several examples from both categories, and then adds some from other categories as well.
By Sverre H. Huseby at the Web Application Security Consortium.