A hot button item in web development the past couple of years has been security. Vendors seem to be implementing the network stack in a fairly secure manner these days, so the popular attack vector has been applications. If developers aren’t taught how to develop securely then it doesn’t matter how well they do the rest of their job.

If you don’t want your web site to involuntarily become an ad for <insert pharmaceutical here> then you want to make sure your web developers know how to code in a secure manner. If you think we are just being overly paranoid then check out this link that we found in a story over at the ISC (Internet Storm Center) . Remember, it’s only funny until it happens to you.

Use this Google Search for a list of vulnerable sites.