“Intro to basic web application security” is an excellent overview of the most common security mistakes web developers make. The article provides practical examples (including code snippets and screenshots) that illustrate each problem and how to fix it. The list covers:
- SQL injection (of course! no such guide would be complete without it)
- Cross-site scripting (XSS)
- Cross-site request forgery (CSRF/XSRF)
- Local file inclusion (LFI)
- Insufficient password hashing
- Man-in-the-middle (MITM)
- Command injection
- XML external entity (XXE)
- Sensitive data exposure (including error messages and exceptions)
- Login rate limits
- and a variety of other small but potentially dangerous issues.