Use SSL for passing all sensitive data
Audit your CGIs/scripts for issues such as directory recursion and non-sanitized user input
Keep state information on the server (supported by PHP, ASP, Cold Fusion, etc.); don't rely on cookies or HIDDEN fields
Encrypt cookies where you must use them
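
The point about keeping state on the server, as an added example that is not from the original slides: a constructed checkout handler that trusts a HIDDEN price field, beside one that keeps the price in a server-side session keyed by an opaque random id. The catalogue, the function names and the in-memory session store are assumptions made for illustration.

```python
import secrets

# Constructed catalogue: the only price source the server trusts (cents).
CATALOG = {"widget": 1999}

# Server-side session store: opaque id -> state. The in-memory dict is an
# assumption for this example; PHP, ASP, Cold Fusion etc. provide their own.
SESSIONS = {}


def checkout_hidden_field(form):
    """Weak pattern: the price travels in a HIDDEN field and is trusted."""
    return int(form["price"]) * int(form["qty"])


def start_session(item):
    """Keep the state on the server; the client only receives a random id."""
    if item not in CATALOG:
        raise KeyError("unknown item")
    sid = secrets.token_urlsafe(32)  # unguessable, carries no state itself
    SESSIONS[sid] = {"item": item, "price": CATALOG[item]}
    return sid


def checkout_server_state(sid, form):
    """Hardened pattern: price comes from the session, never from the form."""
    state = SESSIONS.get(sid)
    if state is None:
        raise PermissionError("unknown or expired session")
    qty = int(form["qty"])  # user input is still validated
    if not 1 <= qty <= 100:
        raise ValueError("quantity out of range")
    return state["price"] * qty


if __name__ == "__main__":
    # Constructed form submission with the hidden price edited by the client.
    tampered = {"price": "1", "qty": "2"}
    print("hidden field total:", checkout_hidden_field(tampered))
    sid = start_session("widget")
    print("server state total:", checkout_server_state(sid, tampered))
```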