Good read - Web Application Security Program

Hi malware fighters,

Building a Web Application Security Program (Securosis link below). Web applications not only have many of the same threats and issues as traditional applications but, by their nature, have a whole additional set of issues to worry about as well. They require a different approach and analysis, and we hope that you will follow the use cases and adapt the technologies and process improvements suggested to meet your organizational needs. As the science of web application security is advancing very quickly, and as the attacks against web applications and platforms continue to evolve, our approach and recommendations will change. As we anticipate periodic updates to the content, we recommend that you periodically re-visit this section for alterations and amendments.

Get the pdf file here: http://securosis.com/reports/WebAppSec_Programv1.pdf

pol