In this talk I will present a few quick tips on making your web applications more resistant to common attack vectors, without putting a lot of effort in. In some cases, simply adding a line to a configuration file can completely prevent entire classes of attack from being viable. We'll take a look at hardening against XSS, SQL injection, clickjacking, password cracking, and a few other bits if there's time. With any luck, you'll make my job a bit more difficult.