Last year during my summer internship I had the chance to catch up with current developments in Web-Security. In particular I had a closer look at mechanisms, that are used as a second line of defense or hardening mechanisms against common web attacks. I created drafts of blog entries describing some of the things I learned. Those posts are now available at my former employers blog.
If you're not too familiar with web applications and web security this might be an interesting read: