Web applications accessible from the public Internet are guaranteed to be the target of random or focused attempts at mischief or abuse, and recovering from a root compromise is always painful. At a minimum, web applications require the planned design and consistent implementation of diverse technologies based on:
- education in the Most Critical Security Vulnerabilities [owasp.org]
- an understanding of the implications for Ken Thompson’s [wikipedia.org] concept of Trusting Trust [cmu.edu]
- the potential for Risks To The Public In Computers and Related Systems [ncl.ac.uk].
Microsoft web developers should also be very familiar with ASP.NET Web Application Security [microsoft.com].
Developers of e-commerce websites should also be familiar with PCI Security Standards [pcisecuritystandards.org] for payment card processing.