Modern web development has many challenges. Of course, you need to write code
that fulfills customer functional requirements. It needs to be fast. Further you
are expected to write this code to be comprehensible and extensible.

Somewhere, way down at the bottom of the list of requirements, behind, fast,
cheap, and flexible is “secure”. That is, until something goes wrong, until the
system you build is compromised, then suddenly security is, and always was, the
most important thing.

Specialized techniques, such as threat analysis, are increasingly recognized as
essential to any serious development. But Cade Cairns and Daniel
Somerfield explore how security can be significantly enhanced with some basic
practices which every developer can and should be doing as a matter of course.

more…