Jamie Riden, Ryan McGeehan, Brian Engert and Michael Mueter just released an Honeynet paper on Web security called: Know your Enemy: Web Application Threats You can find their paper here: http://honeynet.org/papers/webapp/ The paper is very good, and deals with all kinds of web threats such as SQL Injection and XSS. Of most interest to me were the Code Injection and Remote Code-Inclusion due to my own research in that field. The Honeynet paper deals with many issues other than these, and is most definitely recommended reading. Jamie Riden has written a paper on web honey pots in the past. These guys know what they are talking about. Gadi.
