During the summer of 2007, I was hired on to develop a system for reviewing the applications of potential students in the <a href=’http://education.washington.edu/’>University of Washington College of Education</a>. The unusual part of the system was that rather than use a local database, the system would draw information from a web service provided by the UW Graduate School.</p><p>The use of <a href=’http://en.wikipedia.org/wiki/Representational_State_Transfer’>RESTful web services</a> was still relatively new at that time, but it allowed the application that I developed in PHP to interact with a data source running Microsoft SQL Server by using XML.</p><p>The data had to be handled securely due to it being subject to the Family Educational Rights and Privacy Act (FERPA). To accomplish this, I worked with the campus <a href=’http://www.washington.edu/wasp/’>Web Application Security Peer working group (WASP)</a>, learning best coding practices as well as learning to avoid common security pitfalls. I was an active participant in the group for the duration of my time at UW, helping with code reviews and engaging in education campaigns to inform fellow developers on campus about security issues. Web application security remains a focus of mine today.