Web security is important because there are over 2.7 billion internet users whose privacy must be protected in order to maintain trust. Web attacks occur prominently every week. Security is difficult because software is complex, the web was not designed to be secure, and casual users are often oblivious to security risks. Developers must consider security throughout the entire lifecycle of software and avoid writing their own security controls which can lead to vulnerabilities. Various tools like WebGoat, THC-Hydra, webscarab, Nessus, w3af, and xsssniper can be used to automate attacks and help developers understand common vulnerabilities.