Seemingly trivial pieces of information, if leaked, can be used to attack a Web application. Preventing information leakage is a nontrivial task, especially when Web developers face release deadlines. There is no quick and easy way to block information from being leaked. The only way is to stand in the hackers' shoes and look at the Web application the way a hacker does. Although we leave source sifting behind with this chapter, we revisit some of its concepts when we discuss e-shoplifting and session hijacking.