Just a heads-up: http://www.owasp.org/testing/index.shtml """ Project Overview The OWASP Application Security Testing Framework Group is setting out to define a structured framework to ensure that the appropriate security requirements have been implemented by a web application. By providing a structured community derived methodology covering both "white box" (source code analysis) and "black box" (penetration test) analysis we hope to be able to improve the quality of security testing for all web applications. """ They've also got a 900Kb+ Guide for download .. -- Jean Jordaan Upfront Systems http://www.upfrontsystems.co.za