Wikibooks:Collections/Web Application Security Guide


 * Intro


 * Checklist


 * Miscellaneous points
 * File inclusion and disclosure
 * File upload vulnerabilities
 * SQL injection
 * Cross-site scripting (XSS)
 * XML and internal data escaping
 * (Un)trusted input
 * Cross-site request forgery (CSRF)
 * XML, JSON and general API security
 * Clickjacking
 * Insecure data transfer
 * Session fixation
 * Session stealing
 * Truncation attacks, trimming attacks
 * Password security
 * Comparison issues
 * PHP-specific issues
 * Prefetching and Spiders
 * Special files
 * SSL, TLS and HTTPS basics


 * Further reading
 * Authors