Hackers use a number of vectors to attack Web apps, including cross-site scripting (XSS), cross-site request forgery (CSRF), insecure direct object references, and security misconfiguration. This session goes deep on all four techniques, presents real-life examples in which they have been used, and offers techniques for defending against them so your Web app doesn't become the latest in a long line of casualties.