Facebook发布了一个安全指南, 以指导Facebook平台上的开发人员, 主要是参考OWASP和Microsoft的资源. http://wiki.developers.facebook.com/index.php/Platform_Security 1 Facebook Platform Security Features 1.1 FBML 1.2 FBJS 1.3 Facebook Connect 1.4 Phishing/Spam/Etc. 2 Common Vulnerabilities 2.1 Cross Site Scripting (XSS) 2.2 Injection Flaws 2.3 Malicious File Execution 2.4 Insecure Direct Object Reference 2.5 Cross Site Request Forgery (CSRF) 2.6 Information Leakage and Improper Error Handling 2.7 Broken Authentication and Session Management 2.8 Insecure Cryptographic Storage 2.9 Insecure Communications 2.10 Failure to Restrict URL Access 3 Secure Development Resources and Guides 4 Administration and Maintenance 4.1 Change Default Passwords 4.2 Use Strong Passwords 4.3 Keep Software Up To Date 4.4 Isolate Services 4.5 Remove or Disable Unnecessary Services 4.6 Administration and Maintenance Guides