In 1970, engineers blew up a whale. No, really, they did, and they thought it was the best idea to solve a rotting carcass problem. While this example doesn't appear to be related to application security, we see this misunderstanding or disregard for results quite often as we test. In this presentation, Kevin Johnson of Secure Ideas will walk attendees through various tests from his career as an application penetration tester. These examples will include the problems Kevin and his team found and the techniques for finding the issues in your applications. After listening to the presentation, the audience will understand the flaws, how they are misunderstood, and how to look for them in their own software development practices.