After performing hundreds of web security assessments youre bound to encounter many frighteningly insecure websites. Websites so badly protected you could literally make off with the credit card numbers in a way reminiscent of the movie Gone in Sixty Seconds. On the other hand there are many websites frustratingly impervious to attack. What Ill describe below are the subtle variations between the security "haves" and "have-nots". Using the age old "80/20 rule", well look at a few techniques anyone can use to decrease the risk of their website being hacked. And to make it really easy you wont have to alter a single line of code! But before jumping too far ahead lets first discuss the 80/20 rule.
