Web applications accessible to the public Internet are guaranteed to be the target of random or focused attempts at mischief or abuse, and recovering from a root compromise is always painful. At a minimum, web applications require the planned design and consistent implementation of diverse technologies based on:
- education in the Most Critical Security Vulnerabilities [owasp.org]
- an understanding of the implications for Ken Thompson’s [wikipedia.org] concept of Trusting Trust [cmu.edu]
- the potential for Risks To The Public In Computers and Related Systems [ac.uk].
Microsoft developers should also be very familiar with the .NET Secure Coding Guidelines [microsoft.com].
Developers of e-commerce applications should also be familiar with the PCI Security Standards [pcisecuritystandards.org] for payment card processing. And if you work in healthcare software, it is a must to know HIPAA for Professionals [hhs.gov].