Learn about common web application security threats and how to avoid them in your code. We will discuss general security challenges and high level principles, example attacks, social engineering, browser security and more, providing best practices along the way. This talk is a good review of the topic for experienced developers, and is highly recommended for new programmers who have not been exposed to web application security challenges in the past. This session is not specific to any particular server-side technology. We will not discuss network security (routers, DMZs) or OS security, as this talk is focused on web application developers.