I'm still trying to catch up on posting articles to my web site - there are now four more available for free:

• Security Corner: File Uploads (18 Oct 2004)
• Guru Speak: How to Avoid "Page Has Expired" Warnings (21 Oct 2004)
• Security Corner: Ideology (15 Nov 2004)
• Security Corner: Cross-Site Request Forgeries (13 Dec 2004)

If you only read one, read the article on CSRF (cross-site request forgeries). I think it is one of the most overlooked attack vectors around, and it doesn't receive the attention it deserves. If you've never heard of CSRF, I bet your applications are vulnerable.

Note: If you're interested in CSRF attacks, you might want to view the slides of PHP Security by Example (with class files) and follow along with the exercises - one of them covers CSRF, so you can try it out for yourself.