This talk will focus on some of the most common mistakes (e.g. the top 5) that application developers make and how penetration testers can easy spot and exploit them. Using programming methodologies like SecureDevOps can mitigate many of these risks. It will not necessarily focus on OWASP or similar lists, but it will loosely parallel those and explain how developers can (and should!) change their methods to more secure practices.