I realise that this may be somewhat late in the day to be starting a blog about web application security, especially given that you would expect all of that stuff to have been sorted out by now. But two pertinent facts are that (a) I am prone to prolonged periods of inactivity; and (b) I will shortly have a new book to pimppromote. There is certainly still much to say that is interesting and even fun, so please expect future posts to be rather more noteworthy than this one. In the meantime, hello web app world.