The current thinking in this area does not focus enough on educating developers who are completely new to secure development. At Secure Development we believe this is an area that needs to be addressed. Our aim is to help developers really understand what they need to do in their applications to prevent common vulnerabilities.
Understanding of the finer details of a SQL Injection or Cross Site Scripting attack is a place where a developers education should evolve to but very often this is where developers have to start. We aim to help developers by producing The Principles of Secure Development which should prevent many of the common vulnerabilities in web applications.
The information on this site is not aiming to substitute any other projects such as the OWASP Top 10 or the SANS Top 25 but rather it is filling a gap in the developers education space. The amount of web applications being exploited continues to rise and developers are now expected to know how to create secure web applications.
The website is currently in development and will be launched in early June 2009. Please subscribe to the Security Ninja Blog to keep up-to-date.