Mike Andrews, a software security expert, was invited to the Googleplex to talk about web application security. The video [1 hr 26 min 38 sec] is part of the Google Techtalks series.
He covers the common classes of threats: spoofing, tampering, repudiation, information disclosure, denial of service and elevation of privilege (STRIDE). He also shows how, by ordering -3 books from an online store, he ended up with money credited to his credit card instead of being charged. Another interesting subject is how to protect against session ID guessing or theft, and against page defacement.
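The -3 books trick is a tampering bug: the server trusted the quantity (and sometimes the price) the browser sent back. Below is an added illustration of that bug next to its fix; it is not code from the talk or from the store Mike tested. The catalogue, item names and the 1..100 quantity limit are constructed for the example.

```python
"""Parameter tampering: a checkout that trusts the client-supplied quantity
versus one that validates every field server side.  Example code, not from
the talk; the catalogue below is constructed."""
from decimal import Decimal

# Authoritative prices live on the server; the client never sends a price.
CATALOG = {"book-101": Decimal("29.99"), "book-202": Decimal("14.50")}

# Constructed business rule for the example: 1..100 units per line item.
MAX_QTY = 100


class OrderError(ValueError):
    """Raised when a submitted cart fails server-side validation."""


def vulnerable_total(cart):
    """Trusts whatever the client POSTs.  cart is [(sku, qty), ...].

    A quantity of -3 produces a negative total, i.e. a refund the shop
    never intended to give.
    """
    return sum(CATALOG[sku] * qty for sku, qty in cart)


def hardened_total(cart):
    """Same computation, but every field is checked before it is priced."""
    if not cart:
        raise OrderError("empty cart")
    total = Decimal("0")
    for sku, qty in cart:
        if sku not in CATALOG:
            raise OrderError(f"unknown item {sku!r}")
        # bool is a subclass of int in Python, so reject it explicitly.
        if isinstance(qty, bool) or not isinstance(qty, int):
            raise OrderError(f"quantity for {sku} must be an integer")
        if not 1 <= qty <= MAX_QTY:
            raise OrderError(f"quantity {qty} for {sku} out of range")
        total += CATALOG[sku] * qty
    # Defence in depth: a non-positive total is never a valid sale.
    if total <= 0:
        raise OrderError("non-positive order total")
    return total


if __name__ == "__main__":
    tampered = [("book-101", -3)]
    print("vulnerable:", vulnerable_total(tampered))   # -89.97, a credit
    try:
        hardened_total(tampered)
    except OrderError as exc:
        print("hardened:", exc)
```

The point generalizes beyond quantity: any value the client can edit (price, discount code, user ID, account number) has to be re-derived or re-validated on the server, because the browser is under the attacker's control.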
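On session ID guessing, the usual root cause is a session ID drawn from a seeded, non-cryptographic PRNG. The following added example (mine, not from the talk) shows an attacker who holds one session ID of their own recovering the seed by brute force and predicting the next ID issued, and contrasts it with IDs from the operating system's CSPRNG. The seed range, the ID width and the WeakSessionServer class are assumptions made for the demonstration.

```python
"""Session ID guessing: IDs from a seeded Mersenne Twister are reproducible
by anyone who can narrow down the seed; IDs from `secrets` are not.
Example code, not from the talk."""
import random
import secrets


class WeakSessionServer:
    """Assumed weak design: random.Random seeded with a low-entropy value
    such as the epoch second the server started."""

    def __init__(self, seed):
        self._rng = random.Random(seed)

    def new_session(self):
        return "%032x" % self._rng.getrandbits(128)


def recover_seed(observed_id, candidate_seeds):
    """Offline brute force: the attacker replays the generator for each
    candidate seed until it reproduces the ID they were issued."""
    for seed in candidate_seeds:
        if WeakSessionServer(seed).new_session() == observed_id:
            return seed
    return None


def predict_next_ids(seed, already_issued, count):
    """With the seed known, clone the server's stream, skip the IDs already
    handed out and read off the ones that will be issued next."""
    clone = WeakSessionServer(seed)
    for _ in range(already_issued):
        clone.new_session()
    return [clone.new_session() for _ in range(count)]


def secure_session_id(nbytes=32):
    """256 bits from the OS CSPRNG: there is no seed to recover, so the
    only attack is guessing, which is infeasible at this width."""
    return secrets.token_urlsafe(nbytes)


if __name__ == "__main__":
    server = WeakSessionServer(1_700_000_123)
    my_id = server.new_session()      # the attacker's own session
    victim_id = server.new_session()  # the next user's session
    seed = recover_seed(my_id, range(1_700_000_000, 1_700_001_000))
    print("recovered seed:", seed)
    print("predicted == victim:", predict_next_ids(seed, 1, 1) == [victim_id])
    print("secure id:", secure_session_id())
```

Guessing is only half of the problem the talk raises; stolen IDs (via XSS or sniffing) are addressed separately with HttpOnly and Secure cookie flags, TLS, and re-issuing the ID on login.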
Mike gave examples of fixed security bugs from Google applications, including the Gmail cross-site scripting (XSS) bug.
First seen on Geeking with Greg (sorry, Mr. Linden and thank you for Findory).