CHAPTER 5: Common Pitfalls

This chapter covers common pitfalls that were not addressed in the previous chapters. It is my firm belief that memorizing many types of vulnerabilities or breach statistics is not the most effective use of our time when we are trying to learn to secure software; instead, we need to learn to defend against all issues.

That said, despite all of the defenses we learned in Chapters 1 through 4, a few specific situations require special attention: vulnerabilities that are common and damaging, but for which we have not yet learned specific defenses. That is what this chapter covers.

OWASP

The Open Web Application Security Project, more commonly known as OWASP, is a worldwide community dedicated to helping everyone create more secure software, found online at OWASP.org. It has approximately 300 chapters around the world that hold free monthly events to teach about application security and other helpful topics. It hosts several international and regional conferences per year, in-depth and unique training opportunities, and project summits, and it is the creator of over 100 open source projects that help to push the application security industry forward. OWASP created the Zed Attack Proxy, the most-used web app proxy and security scanner, along with several other tools, documents, and even its own free books. It is an open community that anyone in the world can join. Despite all of these amazing contributions ...
