Have you ever wondered what SQL injection is, and how it works? Couldn't figure out how someone could take over your web browsing and redirect you to another site entirely, or intercept legitimate web traffic and replace it with some nasty malware? Dave Millier and Assef G. Levy will give you an overview of web application security, describe some of the most common secure (or insecure!) coding practices and how to avoid the latter, and will do live demonstrations using DVWA (Damn Vulnerable Web Application), showing some of the most common web vulnerabilities being exploited in the wild today. At the end of this session you should have a solid understanding of how the most common exploits work, and also have some good ideas on how to avoid them, both as a web user and as a web developer.