http://www.devx.com/security/Article/20898/0/page/1
Speaking of cross-site scripts, SQL injection, encryption user information, verification input, etc.