I'd like to add Subsection 1 to Peer Review. This section would be called QA.
in reply to Re: Essential CGI Security Practices
in thread Essential CGI Security Practices
QA - Put your code into a replication of your production environment and get a dedicated QA person to go thru' your application as if it was live on the web. A skilled QA person is a seriously good weapon to have in your arsonal.
While youre there you may as well set up a dedicated UAT to test your application as well. Keep in mind you shouldnt tell your QA 'guy' about how or what your app does as this may influence the nature of their testing.