If you build web applications, you now have a huge responsibility: everything must be tested and secured. But how do you test and secure legacy applications, or how do you get started with a new project using test-driven techniques to maximise quality and security without investing too much time in it? In this workshop we will start with a clean project and build a simple catalogue application using test-driven and security-hardened techniques. Once we have achieved that goal, we're going to apply the same techniques to a legacy application.