Web Application Development is a craft, and like all craftsman I sought to produce the highest quality code I could as well as help the other developers around me produce higher quality code as well. I worked on my coding skills diligently and never stopped learning or practicing. And eventually I got my first introduction into the world of web application security. It was this that started me down a path of realizing that security and secure coding practices are an integral part to code quality. In this presentation, I will share my journey from developer to penetration tester, while pointing out the important lessons learned along the way. I will also be sharing tips an tools to help practice and hone your skills as well.