The web is a funny old place. You create a wonderful application, deploy it for the world to see and then everybody just wants to break it. This session will show you some of the common security mistakes made by developers and how to avoid them. There will be (possibly frightening) demos with code in C#. Talk is rated level 200-300 with a target audience of web developers (not just ASP.NET. All the examples will be done in .NET. Even if you are not a web developer some of the parts of the talk will be handy) and assumes knowledge of web programming, basic security concepts, a working brain and sense of humour.