Possible Duplicate:
Resources to learn about security
What materials can I study to learn web development security. I'm a web developer, I use ASP.NET, Java, PHP, and JavaScript. I want to learn how to build strong and robust web sites that are not vulnerable. I want to protect my backend database.
I would strongly recommend these OWASP materials:
Application Security Verification Project at https://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project
Development Guide at https://www.owasp.org/index.php/Guide_Table_of_Contents
Testing Guide at https://www.owasp.org/index.php/OWASP_Testing_Guide_v3_Table_of_Contents
and Code Review Guide at https://www.owasp.org/index.php/OWASP_Code_Review_Guide_Table_of_Contents
I happen to think the following two resources provide an outstanding introduction to web security for developers:
@Nam's answer links to a number of other good resources. And a search on "web security" on this site will reveal many additional resources, e.g.,
If you could have only one book on web security, what would it be?
What are the most important security checks for new web applications?
What tools are available to assess the security of a web application?
If you read through those pages, you'll find tons of great resources referenced in the answers there.
Also, I encourage you to take a look at Stanford's CS 241 and CS 142 courses on secure web programming. The courses are excellent and prepared by world experts in the subject, and the course material is available online. You'll learn a lot by going through the course on your own. A similar course may be offered over the summer for a relatively affordable price. (I have no connection or affiliation with Stanford.)
