Here are a few pieces I’ve written recently on Web application security that you may be interested in. They cover things that affect each and every one of us working in IT and infosec:
I wouldn’t want to be a developer these days
Don’t overlook the importance of authenticated testing
You can’t change what you tolerate
Testing for weak passwords: a common oversight without a great solution
How often should you test your web applications?
Notable changes in the PCI DSS 2.0 affecting Web application security
Enjoy!
Also, be sure to check out www.principlelogic.com/resources.html for all of my information security articles, podcasts, webcasts, screencasts and more.