Preventing unauthorized access to secure information is not easy and takes time. Websites that deal with money, such as banking, gambling or credit card payments will always be a focus of attack, but all websites are targets.
What would happen to your organisation if they were in the news tomorrow due to a security breach?
It's not just money that gets stolen, but personal information and security codes that might be used elsewhere. Programmers should be thinking about this risk in everything they create.
[security.backdoor] The Security Desk
[security.obscurity] Secret URLs
[security.url] Protection against URL rewriting
[security.request] Trusting a user request
[security.role] Roles vs Permissions vs Access