"In How to Break Web Software: Functional and Security Testing of Web Applications and Web Services, Mike Andrews and James A. Whittaker tackle every category of Web software exploit. They reveal where to look for potential threats and attack vectors, how to rigorously test for each of them, and how to mitigate the problems you find.
We found a few minutes to chat with these two experts, and to ask them for advice." - Esther Schindler
Here's a sampling of the questions asked:
* What are the most common myths or assumptions about web site security?
* If you could convince every web developer to do one thing, just one thing, to improve the site, what would it be?