The CERT Network Situational Awareness (NetSA) team, specifically our talented and hard-working intern Matthew Heckathorn under Sid Faber's guidance, has published an SEI Technical Report on monitoring web-based threats.
The report draws on related work such as OWASP but comes from a different point of view. While OWASP is focused on developing web applications securely, this report focuses more on situations where you don't have that control, but you need to protect servers and clients from web-based threats. The report may help you answer the following questions:
- What kinds of network monitoring do you need to do?
- How do you identify the attacks?
- How do you prevent them at the network level?
At more than 100 pages, the report is as comprehensive as we could make it and still get it out in a (relatively) timely manner.