Today more than ever, https support is a requirement if you care about your users' security and privacy. This talk will overview real threats to web applications served over HTTP, what TLS protects against (and doesn't), and some common implementation myths and gotchas.