As a result of mandates, e-gov and e-com initiatives, web applications are being rolled out with increasing speed and frequency. Naturally, a new set of security concerns accompanies these (see F1sh's talk last year), but there's a real challenge in this area that many don't see: incident response. Come learn how web application attacks can frustrate your IR efforts, and some simple best practices you can adopt to be better prepared for the inevitable attack and the subsequent IR and forensics. This talk will identify the issues surrounding web app incident response and things to look for during an investigation. We will also examine some things that should be done up front to lower your attack surface and provide an investigator with the best evidence.