Have you ever wondered about how it comes to security incidents? I mean the really big ones like someone accessing a remote host, or executing some nice scripts inside your browser? In this session I want to show some of the most common pitfalls into which especially junior developers fall. Specifically, I want to cover the following frequent mistakes, and more: * Missing Input Data Validation: Certainly a big one, since depending on the environment, this could lead to for example remote-code-execution (RCE) on your backend, or the execution of scripts in your browser, known under the term XSS * Improper Usage of Data Types: One of my favorites, since it highlights how careless we sometimes use data types without reasoning about the consequences of our choices. * Revocation processes: Unfortunately, as developers we build a system to run in a happy world, most of the time. But how do you deal with the revocation of a malicious entity? * Denial-of-Service through service crashes