Security

Links

 * Protecting passwords from password guessing techniques
 * The Usability of Passwords
 * The Usability of Passwords - FAQ
 * Philip Tellis's blog security section
 * Bruce Schneier's password advice
 * Ruby on Rails security guide
 * How I'd hack your weak password
 * Web security exploits list on Wikipedia
 * http://plaintextoffenders.com/
 * How to manage a PHP application's users and passwords
 * Open Web App Security Project (OWASP)
 * Forbes article about Gawker breach
 * let's talk about password storage (Mozilla's best practices)

Common attacks
... TODO: need more intro to ...
 * OWASP Attack catalog
 * XSS
 * CSRF
 * Session hijacking
 * Session fixation

Security Testing Tools
... TODO: Post a list of tools that can be used for testing the app against common attacks
 * Skipfish
 * Burp

Libraries

 * OpenID libraries
 * OAuth libraries

PHP

 * PHPass - password encryption library