We cannot hack or firewall our way secure. Application programmers need to learn to code in a secure fashion if we have any chance of providing organizations with proper defenses in the current threat-scape. This 120 minute lab-workshop-bootcamp will discuss, demonstrate and interactively work with participants regarding the most important security-centric computer-programming techniques necessary to build low-risk web-based applications. We will then demonstrate attack techniques that bypass even some of the most modern web application defensive coding techniques and security standards. All digital copies of all course ware will be provided. Our session includes: 1) HTTP Basics and Introduction to Application Security 2) Input Validation 3) SQL and other Injection 4) Access Control Design 5) XSS Defense 6) Advanced XSS Defense 7) Authentication and Session Management 8) CSRF 9) Secure SDLC and Security Architecture 10) Crypto Basics 11) Crypto Advanced 12) Mobile Security Basics 13) Webservice Security 14) Safe JSON parsing and sanitization