December 28, 2004

Calling Components Safely

Dana Epps points to a new DeveloperWorks column on writing secure code. Though they seem like common sense, the main ideas need to be revisited often:

Use only secure components and only in secure ways.

Pass only valid data to a component and be sure that it will be interpreted as you expect. In particular, watch out for meta-characters (the cause of SQL injection, shell meta-character injection, format string, and Perl open() attacks).

Check return values and handle exceptions.

Protect data as it goes between your application and the component.
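As an added illustration of the second and third points (this code is not from the column or from this post), here is a lookup against an SQL component written both ways. The table, the function names and the user-name allow-list are assumptions made for the example, and the sample rows and input are constructed.

```python
import re
import sqlite3

# Allow-list for user names (an assumed policy for this example).
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")

def make_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, role TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "admin"), ("bob", "user")])
    return db

def lookup_unsafe(db, name):
    """Before: data is pasted into the SQL text, so a quote in `name`
    closes the string literal and the rest is parsed as SQL."""
    query = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return db.execute(query).fetchall()

def lookup_bound(db, name):
    """Bound parameter: the component always treats `name` as data."""
    sql = "SELECT name, role FROM users WHERE name = ?"
    return db.execute(sql, (name,)).fetchall()

def lookup_safe(db, name):
    """After: validate first, bind the value, handle errors, check the result."""
    if not USERNAME_RE.fullmatch(name):
        raise ValueError("invalid user name")
    try:
        rows = lookup_bound(db, name)
    except sqlite3.Error as exc:
        raise RuntimeError("user lookup failed") from exc
    return rows[0] if len(rows) == 1 else None

if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input containing a quote
    print("unsafe:", lookup_unsafe(db, crafted))
    print("bound: ", lookup_bound(db, crafted))
    print("safe:  ", lookup_safe(db, "alice"))
```

The concatenated query returns every row for the constructed input, while the bound query returns none because the whole string is compared as a name.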

Posted by Josh at December 28, 2004 02:33 PM