Wednesday, April 4, 2012

OWASP Agile web security: Evil Stories & Top 10 Web Security tips

OWASP: https://www.owasp.org/index.php/Agile_Software_Development:_Don%27t_Forget_EVIL_User_Stories
  • Example #1. "As a hacker, I can send bad data in URLs, so I can access data and functions for which I'm not authorized."
  • Example #2. "As a hacker, I can send bad data in the content of requests, so I can access data and functions for which I'm not authorized."
  • Example #3. "As a hacker, I can send bad data in HTTP headers, so I can access data and functions for which I'm not authorized."
  • Example #4. "As a hacker, I can read and even modify all data that is input and output by your application."

OWASP Top 10 (2010):

1. Injection
2. Cross-Site Scripting (XSS)
3. Broken Authentication and Session Management
4. Insecure Direct Object References
5. Cross-Site Request Forgery (CSRF)
6. Security Misconfiguration
7. Insecure Cryptographic Storage
8. Failure to Restrict URL Access
9. Insufficient Transport Layer Protection
10. Unvalidated Redirects and Forwards