Web applications present a complex set of security issues for architects, designers, and developers. The most secure and hack-resilient Web applications are those that have been built from the ground up with security in mind.
In addition to applying sound architectural and design practices, incorporate deployment considerations and corporate security policies during the early design phases. Failure to do so can result in applications that cannot be deployed on an existing infrastructure without compromising security.
This chapter presents a set of secure architecture and design guidelines. They have been organized by common application vulnerability category. These are key areas for Web application security and they are the areas where mistakes are most often made.