With all of the viruses, worms, and theft that appears to be rampant in cyberspace today, securing applications has been thrust to the forefront of application design. Software architects cannot ignore the threats that exist to an application and the data that drive it. These concerns are especially true for enterprise applications that will live on the corporate network and most probably will leverage the Internet in some way. Additionally, government legislation is demanding that enterprise applications either meet certain security criteria or cease to exist. I have been in more than one company that feared it would have to “turn off” production applications because of new, more rigorous security audits.