I love this whitepaper
summary (posted by Anil
John). There's enough hyphens for everyone on your team :-).
Alex must have written this one. Cheers Alex! I've been waiting for
a Web security whitepaper of this depth and breadth. Happy weekend
"Bake security into the application lifecycle. It's a comprehensive guide for
creating "hack resilient" apps. Use the guide to secure the network, host and
application (there's something for architects, devs, system admins, testers, and
security pros). It's principle-based and threat focused. Guidance is task-based
and modular with tons of implementation steps. Deep drill-down on each
technology, Code Access Security, ASP.NET, Enterprise Services, Web Services,
Remoting, and Data Access (ADO.NET/SQL Server), with threats and countermeasures
are provided. Also, includes checklists and How Tos."