Security is hard, yet vital for any software these days. After all you don't want to become the laughing stock on hacker news or cause your company to loose billions in shareholder value. This talk won't turn you into a security specialist over night, but you will learn how to avoid common mistakes in your daily work as developer or administrator. I'm going to take you on a brief tour in secure software design, illustrate various attack vectors, and point you to helpful tools and resources. Topics include threat analysis, deployment, parsing, authentication, TLS/SSL, crypto, and user interaction, with some real life examples from my daily work.