This document discusses three cases of web application security breaches and the countermeasures that could have prevented them. Case 1 describes an SQL injection attack that allowed access to credit card data; parameterized queries and limited database access could have prevented it. Case 2 involves the compromise of a Twitter account by guessing password reset questions, demonstrating the risk of sending passwords via email; isolating admin interfaces could help. Case 3 details how stolen credentials were used across multiple sites due to weak passwords, ultimately compromising personal accounts; unique, strong passwords and multi-factor authentication are recommended.