I’ve just put up my latest post over on the HP Application Security Blog on how to avoid Account Harvesting on your website.

If you’re someone who either builds or defends websites—or even someone who’s just interested in web hacking, you should have a look:

[ Secure Web Series, Part 2: How to Avoid User Account Harvesting ]