Open WebApp Secur Ity Project

http://www.owasp.org/index.jsp

has "Guide to Building Secure Web Applications"

has a Top-10 list of vulnerabilities

• I posted a question to the ZoPe list about it... looks like you get most of that for free.

  • someone else asked specifically about [Sql Injection] the same day.

[XSS]/[Cross Site Scripting] http://ha.ckers.org/xss.html

• Aug'2007 rules for parsing

• Sept'2007 filtering and escaping cheat sheet - see the Comments to discover how little agreement there is on these things!

User Options Recent Changes Help Page