Good reading:
http://www.w3.org/Security/Faq/
Best Overall paper on WWW security issues.
www.webappsec.org
The web application security consortium (WASC) homepage. They are starting some really exciting
projects so be sure to check it out.
http://www.cert.org/tech_tips/cgi_metacharacters.html
Paper on Removing Meta-characters from User Supplied Data in CGI Scripts.
Understanding Malicious Content Mitigation for Web Developers
Good paper on XSS attacks.
http://www.dshield.org/topports.html
Shows stats on common attacks. (Port 80 being #1 attacked port)
techlists
Technical Mailing List Archives
Htaccess Tutorial
Part 1 of a 3 part section.
Htaccess Tutorial
Part 2 of a 3 part section.
Htaccess Tutorial
Part 3 of a 3 part section.
IDS Signature Writing Part 1
Part 1 of a 3 part section.
CERT.org Web App Security list
Good short paper
IIS security tutorials
Good read for IIS admins
Solving the problem of HTML Mail
Good read if you use webmail.
HackProofing Lotus Dominio Web Server
http://www.nextgenss.com/ Released a great paper on locking
down a Lotus Dominio Webserver.
Preventing Cross Site Scripting Attacks
Good read on CSS holes.
Database:
cve.mitre.org
Great site with archived security holes and good information
on them.
www.dshield.org
Shows reports of a distrbuted Intrusion detection system.
Also shows most command attacked servers and ports.
Additional:
Dominodig
A tool for use with auditing Lotus Domino.
