More often than not, web applications start off as a bright idea, which is then brought into realization at a fast and furious pace, with little eye for anything but result. Once all envisioned functionality is incorporated in the design and the project is launched, developers will be assigned to the next project. Notwithstanding a few bug fixes, the final - yet essential - step of software development is more often than not, omitted: the security audit. Despite the fact that these checks are regarded as tedious and superfluous, practice shows that it is time well spent: numerous, often severe vulnerabilities come to light. In his presentation, Sijmen Ruwhof will detail how to incorporate security checks into the software development process. He will also step through the implementation, and caveats of a security audit. Sijmen Ruwhof is founder of Secundity and works as a security analyst. An aficionado for anything related to internet security and developing secure software, Sijmen specializes in security research, from performing code reviews, and application assessments, to penetration testing. Before venturing into information security, he was software developer at various software companies. As expert at finding security vulnerabilities in web sites and applications, Sijmen knows how his findings relate to business risks, and is able to translate these into a solid business strategy.