Everyone loves to make their own web apps. And it's very common for senior computer security undergraduates to design a web app for their capstone project. A couple of weeks ago some friends of mine were finishing their's, and asked me to take a look. Like all others interested in infosec, I instantly turned to input validation with a bit of header manipulation. I'd say it's common for most infosec students to do the same. It's ironic that I am still hosting legacy web apps (that I've built) which have not gone through similar critiques. Like most others, I designed them a while back, they worked, and I was proud; so I called them completed and moved on.