In light of breaches in Web application security worldwide, the importance of catching potential areas for intrusion is necessary at the beginning. Performing application vulnerability testing during production (and not after a breach has been detected) can save a company thousands of dollars. The only way to ensure the highest level of security is to build it in from the outset.

We all know we're supposed to back up data. Sometimes we might actually do so. Backing up your data is important, and yet it is often a neglected part of using computers. Data can be lost rather easily. Human error, a virus, or simply a computer crash can wipe out important documents, photos, contact lists and more.

If you are a merchant that processes credit cards, then you are probably already well aware of PCI compliance, but you may not be sure how web application security fits into the picture. You may also have heard that starting in June 2008, section 6.6 of the rules for PCI compliance will go from a "best practice" to a mandatory requirement (if not, it''s time to pay attention!), but you might not know what this means for your business. The fact is, in a perfect world you already have in place what is necessary to be compliant with not only section 6.6, but PCI rules as a whole. This is because ideally, you would have handled your web application security practices from the start, as the applications are built, so that you are not scrambling to add security to existing applications. Unfortunately, this is often not the case - which makes now a great time for businesses to reevaluate their web application security processes overall.

Have you ever been surfing the web and come upon Internet advertising that provides a direct solution for something that you've been researching lately? Did you think that it might be related to your computer cookies, or did you chalk it up to serendipity?

According to the FBI, identity theft is "The fastest growing crime in America." As many as 10 million Americans every year are victimized by it and the costs are estimated at 50 billion dollars annually. Many criminals get off easy while the victims spend years working to restore their damaged credit reports and reputations. Worse yet, there seems to be no end in sight.

Computers affect the way we live, communicate, work, and entertain today more than ever before. So, the information stored on them becomes very significant. Loosing data from your hard drive is at least unpleasant, but in some cases also very expensive. At the same time, not all of us take measures to protect their data. Moreover, day after day we hear about alarming accidents of data loss. But why reliable backup strategies are not as much widespread as data crash accidents. Perhaps, because people have some wrong notions about backup software and about the problem of data loss in general.

If you connect an unprotected computer or computer without any security software to the internet, cyber criminals, hackers or identity thieves can attack your computer within seconds. So, to avoid such security problems and identity theft, you should have security software with at a minimum, firewall, antispyware and antivirus protection.

To understand and then combat a brute force attack, also known as a dictionary attack, we must start by understanding why it might be an appealing tool for a hacker.

To a hacker, anything that must be kept under lock and key is probably worth stealing. If your Web site (or a portion of it) requires a user to login and be authenticated, then the odds are good that a hacker has tried to break into it. In terms of processing power, it is expensive for a Web site to require authentication, so it is usually only required when the site stores valuable private information. Corporate intranet sites can contain confidential data such as project plans and customer lists. E-commerce sites often store users' email addresses and credit card numbers. Bypassing or evading authentication in order to steal this data is clearly high on a hacker's priority list, and today's hackers have a large library of authentication evasion techniques at their disposal.

Sometimes the easiest thing seems nearly impossible – especially when it's something we've already decided beforehand is too difficult to even attempt. With me, that turned out to be the .htpasswd file and all the accompanying "mystical, technical whatevers" that also went into making one. But, much like the Seuss's tale of Green Eggs and Ham, once I finally actually looked into it – and found the right tools and a couple of good examples – it turned out to be relatively simple. Yes, even you can do it!

“Oh my God, I’m never doing anything on-line again!,” is a common reaction to one of my web application hacking presentations. Recently I’ve been demonstrating how easily the average website or user can be hacked. No doubt scaring audiences has a certain mass appeal and gets people to pay attention to why the right security practices are of vital importance. People frequently ask if I still bank or shop online (of course I do), or how they can protect themselves when they do. For those who are not experts in computer security, here are my top 5 tips to a safer online experience (in addition to having firewalls, anti-virus, and patching diligently).