For the PHP developers who are interested in learning more about Cross-Site Scripting (XSS) or Cross-Site Request Forgeries (CSRF), I'm happy to announce that Foiling Cross-Site Attacks is now available for free from my Web site.

This article, originally published in the Oct 2003 issue of php|architect, describes both attacks as well as several best practices that can help you protect your applications. Thanks to php|architect for allowing me to make this information freely available.