I lead the WASC Threat Classification v2 project and we've just completed a section that I felt deserved its own post. Prasad Shenoy along with the WASC TC peer review team authored a really great section on Improper Input Handling meant to describe each aspect of input handling with a medium level of detail. We've had a some great discussions about this software weakness, and found that input handling from a security point of view is rarely broken down at each phase. You can check out the WASC TCv2 working page to check out the current status of TC.

Only one section left!

Improper Input Handling: http://projects.webappsec.org/Improper-Input-Handling