Designing input validation strategies
Partitioning Web sites into open and restricted areas
Implementing effective account management practices
Developing effective authentication and authorization strategies
Protecting sensitive data
Protecting user sessions
Preventing parameter manipulation
Handling exceptions securely
Securing an application s configuration management features
Listing audit and logging considerations