We are pleased to announce an updated version of the Open Web Application Security Project Guide to Building Secure Web Applications in both PDF (983K) and HTML at: http://www.owasp.org/guide/ The Guide covers various web application security topics from architecture to preventing attack specifics like cross site scripting, cookie poisoning and SQL injection. The document is released under the GNU documentation license and is a community volunteer effort. We would like to thank the numerous individuals who have emailed us with feedback and suggestions since the Guide's original posting in June. We would particularly like to acknowledge the hard work of Alex Russell who put long hours in updating the content and cleaning up this current draft. Special thanks to Gene McKenna, Michael Hill, and Christopher Todd for their considerable contribution to this draft. Of course, we are also grateful to the orginal authors who are listed on the cover. This document is an evolving beast, and as such we are always looking for feedback and volunteers. Of interest to us is adding new content regarding language specific implementation guidelines, web services, and other areas that would prove useful to web app developers and vendors. If you like the work, want to contribute or have suggestions for improvements, please drop us an email. dendler@owasp.org The Open Web Application Security Project http://www.owasp.org