Watching SO come online has been quite an education for me. I'd like to make a checklist of various vulnerabilities and exploits used against web sites, and what programming techniques can be used to defend against them.
- What categories of vulnerabilities?
  - crashing site
  - breaking into server
  - breaking into other people's logins
  - spam
  - sockpuppeting, meatpuppeting
  - etc...
- What kind of defensive programming techniques?
  - etc...
From the Open Web Application Security Project:
- The OWASP Top Ten vulnerabilities (pdf)
- For a more painfully exhaustive list: Category:Vulnerability
The top ten are:
- Cross-site scripting (XSS)
- Injection flaws (SQL injection, script injection)
- Malicious file execution
- Insecure direct object reference
- Cross-site request forgery (XSRF)
- Information leakage and improper error handling
- Broken authentication and session management
- Insecure cryptographic storage
- Insecure communications
- Failure to restrict URL access
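As an added illustration of two items on that list (injection flaws and XSS) and the defensive techniques that close them, the following Python is example code written for this page, not part of the answer above or of any OWASP material. It uses an in-memory SQLite table with constructed sample rows; the function names and the table layout are the example's own assumptions. The vulnerable lookup concatenates user input into SQL, the hardened one passes it as a bound parameter, and `render_comment` shows output encoding so untrusted text cannot become markup.

```python
import html
import sqlite3


def make_db():
    """Constructed sample data (not from the page): two users in an in-memory table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    conn.commit()
    return conn


def lookup_role_unsafe(conn, name):
    """Injection flaw: the caller's string is spliced into the SQL text,
    so input containing quotes or SQL keywords changes the query's meaning."""
    query = "SELECT role FROM users WHERE name = '" + name + "'"
    return sorted(row[0] for row in conn.execute(query))


def lookup_role_safe(conn, name):
    """Defence: parameterized query. The driver binds the value separately,
    so it is always compared as data and never parsed as SQL."""
    rows = conn.execute("SELECT role FROM users WHERE name = ?", (name,))
    return sorted(row[0] for row in rows)


def render_comment(text):
    """Defence against XSS: HTML-escape untrusted text before placing it in a
    page, so <, >, &, and quotes are rendered literally instead of as markup."""
    return "<p>" + html.escape(text, quote=True) + "</p>"


if __name__ == "__main__":
    db = make_db()
    crafted = "' OR '1'='1"  # constructed input that is not a real user name
    print("unsafe lookup:", lookup_role_unsafe(db, crafted))   # every role leaks
    print("safe lookup:  ", lookup_role_safe(db, crafted))     # no match, as intended
    print(render_comment("<script>alert(1)</script>"))         # inert text, not a script
```

The same two rules generalize beyond this toy: never build queries by string concatenation (use bound parameters or an ORM that does), and encode every piece of untrusted data for the context it is written into (HTML body, attribute, URL, or JavaScript) at output time rather than trying to strip "bad" characters on input.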