Almost as bad as thinking ‘nobody can break my web application’ is to bury your head in the sand and think ‘if I don’t try to break it, then it must be working, right?’
The Open Web Application Security Project is a cold dose of reality – it documents what the bad guys already know, and what you should know to actively try and break your own website.
I haven’t tried running any of these against any of the well-known Irish websites (for obvious reasons), but it would be interesting to see how many would pass these tests … they even provide WebGoat, a piece of software to teach you how to find (and fix) security flaws (thanks John for the correction!).