The top ten security holes for web developers
The security experts at the Open Web Application Security Project (OWASP) have updated their Top 10 list of web application vulnerabilities. The OWASP previously released lists in 2004 and in 2007. OWASP board member Dave Wichers said that, in the updated list, the project discusses potential risks as well as the possible vulnerabilities.
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump