1. Introduction
    1. Introduction
  2. Security Overview
    1. What is security
    2. Why security matters
    3. What is a hacker
    4. Total security is unachievable
    5. Get in the security mind-set
    6. Write a security policy
  3. General Security Principles
    1. Least privilege
    2. Simple is more secure
    3. Never trust users
    4. Expect the unexpected
    5. Defense in depth
    6. Security through obscurity
    7. Blacklisting and whitelisting
    8. Map exposure points and data passageways
  4. Filtering Input, Controlling Output
    1. Regulating requests
    2. Validating input
    3. Sanitizing data
    4. Labeling variables
    5. Keeping code private
    6. Keeping credentials private
    7. Keeping error messages vague
    8. Smart logging
  5. The Most Common Attacks
    1. Cross-site scripting (XSS)
    2. Cross-site request forgery (CSRF)
    3. SQL injection
    4. URL manipulation
    5. Faked requests and forms
    6. Cookie visibility and theft
    7. Session hijacking
    8. Session fixation
    9. Remote system execution
    10. File-upload abuse
    11. Denial of service
  6. Encryption and User Authentication
    1. Password encryption
    2. Salting passwords
    3. Password requirements
    4. Brute-force attacks
    5. Using SSL for login
    6. Protecting cookies
    7. Regulating access privileges
    8. Handling forgotten passwords
    9. Multi-factor authentication
  7. Other Areas of Concern
    1. Credit card payments
    2. Regular expression flaws
    3. Conversions and transformations
    4. Buffer overflows
    5. Source code managers
    6. Database security
    7. Server security
  8. Conclusion
    1. Goodbye