I just wrote one of my first web applications (Linux, Apache, MySQL, Django), and would like to launch it publicly. It’s a webform-based task disguised as a game; I intend to eventually put it on Amazon Mechanical Turk and give small bonuses to people who achieve certain scores.

Even though this app does not have a tremendously high security risk, I need to safeguard it against manipulation and reverse engineering. However, I have little formal training in testing/security. Given that there are tangible prizes to be won, I know people will have an incentive to cheat, whether by altering POST data, pressing ‘back’ and re-submitting data until they win, etc. So far, I have been dealing with these issues on an ad-hoc basis by putting in security tests as I think of possible exploits. However, I realize there are probably lots of forms of manipulation that I haven’t thought of yet.

Can anybody recommend some reading materials from which I can learn how to protect my website against manipulation and reverse engineering?