This talk examines the countermeasures software developers should take to protect the web applications they write Includes discussion of: Input chokepoint Least privilege Role-based authorisation Throttling Monitoring and Security Testing The two major network services are email and web Most issues with email can be dealt with at network perimeter (spam, virus, privacy); limited number of developers directly involved; well-understood message content text + permitted attachments (e.g. PDF);

User agents can prevent execution of message BTW: if you have problems with SPAM check out: http://spambayes.sourceforge.net/

Download Preventing Web Application Hacking PDF