So far, this book has attempted to make sure that an application is secure and that all attacks are futile. In theory, our websites are now in good shape. But, as the famous saying goes, “in theory there is no difference between theory and practice, while in practice there is” (incorrectly attributed to various sources, but Benjamin Brewster first coined it in 1882: https://quoteinvestigator.com/2018/04/14/theory/). Something will always go wrong eventually, and the application needs to be prepared for that. Note that this is the first chapter in the book that does not start with a specific attack or case study. Instead, the topics covered here are important ingredients of a holistic security strategy, without specific attacks assigned to them. This trend will continue throughout the remainder of the book.