Security is becoming quite the thing nowadays, everyone wants to have some. The mantra that things should be built with security in mind and can't be plastered on later is a very important one, whether you are established or if you're based in Silicon Valley and are about to write "the new hotness". However, what happens if your company is older than say, 6 months? You will already have some legacy systems and code. I'll be talking about how it's possible to unearth some of the security issues you may face, how to stop them happening, what happens when you do uncover them, and coping strategies for dealing with them.