"You may think your web app’s profile is too low to worry about hackers, but attacks are frequently automated, not targeted, and a compromise of the weakest password in your system can often give access to the rest."

The traditional password reset mechanism undermines the strength of the entire system. It doesn’t matter that my password is encrypted with the strongest ciphers known to man when it can simply be reset by anyone who knows which high school I attended. from a list apart.

Information technology's next grand challenge will be to secure the cloud--and prove we can trust it. from Technology Review.

The PCI Security Standards Council is an open global forum for the ongoing development, enhancement, storage, dissemination and implementation of security standards for account data protection.

ways to add additional security to the session.

The following recipe for persistent cookies requires no crypto more powerful than a good random number generator.

a self-contained boot disk that securely wipes the hard disks of most computers.

bad for the ecosystem.

technique that uses javascript to recognise human activity based on screen events.

using php's filter_var function.

common security pitfalls and development glitches.

no excuse for asking for a third-party password. from adactio.

security features and characteristics, commentary and implementation tips. on google code.

part one of four. from added bytes.

the proper destruction of data on hard drives. from readwriteweb.