University web applications process and store large amounts of sensitive information and act as proxies to critical internal systems. Care must be taken during development to ensure the integrity and security of those systems and information. This presentation will discuss the Open Web Application Security Project's Top 10 web vulnerabilities, covering cross-site scripting (XSS), injection attacks, information leakage, and session management, among other topics. This talk will feature live demonstration of attacks and how to protect against them.