We all have focussed on best practices and code quality over the past years, but we seemed to forgot the most important aspect of the web: security. This talk gives a good overview on your first-line of defence in your code, how to ensure that new exploits and hacking techniques are covered with tests and how you build solid web applications that secured enough to keep script kiddies and wanna-be hackers away. I will also give some tips what to do when you're company becomes victim of cyber crime.