Just in case you thought web security was easy...
Here’s a great article from Thomas Ptacek at Matasano entitled: Typing The Letters A-E-S Into Your Code? You’re Doing It Wrong!
I’m not a web developer, but I certainly understand having a nuanced problem like that of web security. It’s interesting to see the plethora of ways in which you can screw it up hard.