In this chapter, we introduced some solutions to dealing with user application security. We have spent the past 30 combined working years trying to secure servers and networks, not necessarily user applications. Therefore, our approach to user application security has often been to try to protect the servers from the user apps. This is not necessarily a bad idea, but it means that we have a lot more to say about server security than client security. It also means that we take the stance that user application security is a race between users' desire to see dancing pigs and your ability to stop them. Virtually all the things we have discussed in this chapter have been based on the principle of making the dancing pigs more difficult to access. In the end, however, we must say that there are two things more important to us than user application security. The first is user educationwithout educated users, nothing in this chapter will protect you. The second is server securitywithout server security, your servers are subject to whatever bad things can be done from the clients . You need to build a risk management plan that weighs and trades off between all those components .