

Common Ways a Site Can Get Hacked - MarlonPro
http://blog.nerdery.com/2013/10/building-secure-website/

======
purplerails
I believe one additional way to mitigate Risk #2 "Broken Authentication and
Session Management" should become best practice:

The ability to sign out of all other sessions.

Without this, a user who forgot to log out from a library would be out of luck
until the session expired.
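
An added example, not part of the comment above or of the linked article: a server-side session store that supports signing out of all other sessions. The `SessionStore` class, its method names and the in-memory dictionaries are assumptions made for illustration; a real site would keep sessions in a database or cache.

```python
import secrets
import time


class SessionStore:
    """Hypothetical in-memory session store, indexed by user for bulk revocation."""

    def __init__(self, ttl_seconds=3600):
        self.ttl = ttl_seconds
        self._sessions = {}  # token -> (user_id, expires_at, label)
        self._by_user = {}   # user_id -> set of that user's live tokens

    def create(self, user_id, label, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # unguessable session identifier
        self._sessions[token] = (user_id, now + self.ttl, label)
        self._by_user.setdefault(user_id, set()).add(token)
        return token

    def validate(self, token, now=None):
        """Return the user id for a live session, or None if unknown or expired."""
        now = time.time() if now is None else now
        entry = self._sessions.get(token)
        if entry is None:
            return None
        user_id, expires_at, _label = entry
        if now >= expires_at:
            self._drop(token)
            return None
        return user_id

    def _drop(self, token):
        user_id, _expires_at, _label = self._sessions.pop(token)
        tokens = self._by_user[user_id]
        tokens.discard(token)
        if not tokens:
            del self._by_user[user_id]

    def sign_out_others(self, current_token, now=None):
        """Revoke every session of the caller's account except the one in use."""
        user_id = self.validate(current_token, now)
        if user_id is None:
            # Only a live, authenticated session may revoke the others.
            raise PermissionError("current session is not valid")
        others = [t for t in self._by_user[user_id] if t != current_token]
        for token in others:
            self._drop(token)
        return len(others)
```

Because revocation happens in the server-side store, the session left open on the library machine stops validating on its next request instead of lasting until expiry.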

