Computer security talks are too often filled with theoretical computer scientists telling us about how the end is nigh. Don’t get me wrong, I love knowing the nitty details of cryptographic algorithms, but a whole lot of web developers don’t. Digital security is vital and therefore developers need it to be accessible. My aim in this talk is to deliver a set of guidelines for developers to easily boost security in their web apps and hosting environments. Web security is not just important in safeguarding your existing clients, but vital in attracting new clients. As computer security is often about making yourself less vulnerable than everyone else, I aim to explain how a few small changes to your workflow can dramatically improve security.