Mark Woods posted this link on the CFAussie mail­ing list yes­ter­day — A Guide to Build­ing Secure Web Appli­ca­tions from The Open Web Appli­ca­tion Secu­rity Project.

I’ve never heard of these guys, but there’s some great stuff here. In par­tic­u­lar, check out the sec­tions on cook­ies and SSL — there’s some good plain-english expla­na­tions of the con­cepts that come up in mail­ing list ques­tions all the time.

Some of the sec­tions are a lit­tle light, but from the fore­word I under­stand it’s a work in progress. Def­i­nitely worth book­mark­ing for future reference!