This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
ApEx:Defence in depth
From OWASP
WIP 21/11/2008
Buttons
Dont hide button, but also disable the process from executing.
Input
Values from Select lists should validated on the backend.
Tabs & Menu's
Dont hide the tabs, but use authorization schemes.