The Information Technology Promotion Agency (IPA) explains key points in creating a safe web site.
The IPA has created the manuals, 'How to Secure Your Web Site,' and 'How to Use SQL Calls to Secure Your Web Site,' and it has much helpful information on its web site.

In the 'How to Secure Your Web Site,' look in particular at the following topics.

1. Implementation of security for Web applications
   The manual discusses eleven ways in which web sites are vulnerable to attacks, such as SQL injection, OS command injection, cross site scripting, etc. It also explains the dangers that can occur and the features a Web site must have to take precautions against these dangers. It indicates the fundamental policies a web site must follow to eliminate the causes of its vulnerabilities and gives countermeasures that can reduce the adverse influences of external attacks.
2. Concentration on improvement of web site security
   The manual recommends seven countermeasures to improve web site security, such as measures that will prevent the development of phishing scams; protection of web applications with a Web Application Firewall (WAF); and so on.
3. Case studies
   The manual explains the case studies and discusses solutions to the problems in them.

The manual, 'How to Use SQL Calls to Secure Your Web Site' explains:

the causes of the occurrence of SQL injections and the steps needed to use SQL calls to secure your web site.

If you look at the Information Technology Promotion Agency (IPA) web site, you will find much useful advice for creating your own web site.

• How to secure your web site (Japanese)