How to Build Preventative Countermeasures for Web Application Vulnerabilities
Most of the vulnerabilities identified in Chapter 3 could simply have been avoided by not allowing them to occur in the first place. The best way to avoid creating vulnerabilities in web applications is to plan and build security in as part of the development cycle.
Since application-security planning is not a widely understood art, and since it involves time and expense, it is often neglected. The unfavorable alternative is to test applications for vulnerabilities only after they have been created, while they are in test or beta-test mode. As we saw in Chapter 3, this is simply too late. ...