I think I could write about Web application security every hour of every day…there’s just so much involved with building secure apps, proper security testing, getting (and keeping) management on board and so on…But I wouldn’t want to torture you in that way. Anyway, here are a few bits you may be interested in:
Properly scoping your Web security assessments
The cure for many Web application security ills
How much Web security is enough?
Enjoy!
As always, be sure to check out www.principlelogic.com/resources.html for links to my additional Web security whitepapers, podcasts, webcasts, books and more.