B.C. Forbes once said that it's better to be occasionally cheated than perpetually suspicious. This was certainly intended to be tongue-in-cheek, and it's obvious that he said it long before the invention of the Internet. While things might go fine for a long while, a single "occasional" breach of security on your site is a terrible thing. Even a single successful attack can bring your site down to its knees and destroy everything that you've worked for. It's a sad truth, but as web developers, "perpetual suspicion" is the state of mind that we must re-affirm as part of our critical thought process when designing the architecture of an application.

While there's no such thing as a 100% secure web application (and ...