Web applications are very often wide-open doors for hackers to exploit, stealing data, defacing Websites, and often traversing through a network owning server after server. The Code Camp website demonstrates several poor security practices, which I will demonstrate. I will also demonstrate several common vulnerabilities, showing how to exploit them, and how to patch the vulnerable code, including: SQL Injection Cross-Site Request Forgery Cross-Site Scripting Local File Inclusion I will provide live demonstration apps and code on my Website for everyone to use freely. Nothing here is new, and the most important information is more than ten years old. However, this information is missing from many programming classes and textbooks and new Web apps are still repeating the mistakes of the past. I hope to inspire more coders to consider security earlier in the development process.