I'm not in a position where I have to worry too much about security, but I often hear of vulnerabilities that we're protecting ourselves from. I simply ask some intelligent system architect and he says, “Yea, we're covered.”, and then the security audit comes back clean.
However, there are two security ‘hacks' or vulnerabilities that you can read about a lot on the net these days, SQL Injection and Cross-Site Scripting. I had been aware of both and have read quite a few ‘techy' bulletins on them, but not being a true programmer, I'd usually wait for security updates or just make sure the right folks were aware and I'd move on.
These two vulnerabilities are things that everyone should be aware of though, even the marketer. Simply posting a simple web-form on your website could really open your system up to some nasty things.
Brandon Wood has done a great job of writing Beginner's Guides to both topics that even you or I can understand:
- SQL sprautun
- Cross-Site Scripting