April 25, 2007 - 09:00 UTC - Tags: book innocent code security
If you haven't already read "Innocent Code" by Sverre H. Huseby, you should really look into it. It's not just a book for developers with a special interest in security. I actually think you should consider reading this book mandatory before developing even the smallest web application.
I read it a couple of years ago, and I'll probably read it again. It gives a great introduction to common mistakes developers make, and covers topics like SQL injection, Cross-Site Scripting (XSS), passwords and sessions. Code examples in different programming languages (e.g. PHP, Java, Perl) are included, and it also contains some anonymized real-world examples.
It's easy and quick to read, and each chapter is summed up by one or more rules you can apply to your everyday work as a web developer.