Not sure when this was released, but I am sure that it was pretty recently.  From the title I wasn’t really expecting much, but was pleasantly surprised by the clarity with which the tips were explained.  Frank Kim and Ed Skoudis co-authored this pithy 6 page paper.

Here is the description from the SANS Reading Room:

Many web application vulnerabilities are a direct result of improper input validation and output filtering, which leads to numerous kinds of attacks, including cross-site scripting (XSS), SQL injection, command injection, buffer overflows and many others. This article describes some of the best defenses against such attacks, which every Web application developer should master.

This offering looks to be part of a new series from SANS entitled, Working Papers in Application Security. I am looking forward to future papers if they are written as lucidly as this one.

Good work, Frank and Ed.

Here is the link to get the document: http://www.sans.org/reading_room/application_security/protecting_web_apps.pdf