- Introduction
  - [[Introduction]]
- Security Overview
  - [[What is security?]]
  - [[Why security matters]]
  - [[What is a hacker?]]
  - [[Total security is unachievable]]
  - [[Get in the security mind-set]]
  - [[Write a security policy]]
- General Security Principles
  - [[Least privilege]]
  - [[Simple is more secure]]
  - [[Never trust users]]
  - [[Expect the unexpected]]
  - [[Defense in depth]]
  - [[Security through obscurity]]
  - [[Blacklisting and whitelisting]]
  - [[Map exposure points and data passageways]]
- Filtering Input, Controlling Output
  - [[Regulating requests]]
  - [[Validating input]]
  - [[Sanitizing data]]
  - [[Labeling variables]]
  - [[Keeping code private]]
  - [[Keeping credentials private]]
  - [[Keeping error messages vague]]
  - [[Smart logging]]
- The Most Common Attacks
  - [[Cross-site scripting (XSS)]]
  - [[Cross-site request forgery (CSRF)]]
  - [[SQL injection]]
  - [[URL manipulation]]
  - [[Faked requests and forms]]
  - [[Cookie visibility and theft]]
  - [[Session hijacking]]
  - [[Session fixation]]
  - [[Remote system execution]]
  - [[File-upload abuse]]
  - [[Denial of service]]
- Encryption and User Authentication
  - [[Password encryption]]
  - [[Salting passwords]]
  - [[Password requirements]]
  - [[Brute-force attacks]]
  - [[Using SSL for login]]
  - [[Protecting cookies]]
  - [[Regulating access privileges]]
  - [[Handling forgotten passwords]]
  - [[Multi-factor authentication]]
- Other Areas of Concern
  - [[Credit card payments]]
  - [[Regular expression flaws]]
  - [[Conversions and transformations]]
  - [[Buffer overflows]]
  - [[Source code managers]]
  - [[Database security]]
  - [[Server security]]
- Conclusion
  - [[Goodbye]]