The following tutorial is being presented at the ACSAC Hawaii Conference on December 8, 2009. More information is available at http://www.acsac.org/2009/program/tutorials/webappsec/.
WebAppSec.php: Developing Secure Web Applications
Web applications are the new frontier of widespread security breaches. This tutorial will guide you through development practices that ensure the security and integrity of your application, in turn protecting user data and the infrastructure the application runs on. Several attack types will be reviewed, along with how proper development practices can mitigate their damage. This tutorial targets the security of PHP-based applications, although much of the content is also applicable to other web programming languages.