I'm still trying to catch up on posting articles to my web site - there are now four more available for free:
- Security Corner: File Uploads (18 Oct 2004)
- Guru Speak: How to Avoid "Page Has Expired" Warnings (21 Oct 2004)
- Security Corner: Ideology (15 Nov 2004)
- Security Corner: Cross-Site Request Forgeries (13 Dec 2004)
If you only read one, read the article on CSRF (cross-site request forgeries). I think it is one of the most overlooked attack vectors around, and it doesn't receive the attention it deserves. If you've never heard of CSRF, I bet your applications are vulnerable.
Note: If you're interested in CSRF attacks, you might want to view the slides of PHP Security by Example (with class files) and follow along with the exercises - one of them covers CSRF, so you can try it out for yourself.