As Web development changes, so do the security precautions necessary to protect against attack. The rules presented here should be considered best practices and are not a replacement for programming experience. For more information on secure Web development, you may want to read through the following online resources:
"Best Practices for Secure Web Development," Razvan Peteanu, http://www.securitymap.net/sdm/docs/secure-programming/Secure-Web-Development.pdf.
"The World Wide Web Security FAQ," http://www.w3.org/Security/Faq/www-security-faq.html.
"Secure CGI/API Programming," Simson Garfinkel and Gene Spafford, http://www.w3j.com/7/s3.garfinkel.wrap.html.
"Writing Secure CGI Scripts," http://hoohoo.ncsa.uiuc.edu/cgi/security.html.
"Hacking the Web: A Security Guide," Anne Bilodeau, http://www.webdeveloper.com/security/security_hacking_the_web.html.
"Web of Security," Paul Stone, http://www.defenselink.mil/specials/websecurity/.
"CGI Security Compilation," http://bau2.uibk.ac.at/matic/cgilist.htm.
"CGI Security: Avoiding Common Pitfalls," http://paulisse.discusware.com/cgi-security/.
"Safe CGI Programming," Paul Phillips, http://www.improving.org/paulp/cgi-security/safe-cgi.txt.
"Is Your Web Server Secure?" Wallace Keith Gardner, http://www.gt.ed.net/keith/cgi/security.html.