Lots get written about security but how do you determine the real risk? In the past, the major weakness was perceived as being network infrastructure. Due to the massive volumes in which infrastructure software is shipped, it is subject to intense testing and validation.
As infrastructure has become hardened, so attackers have turned their attention to a weaker link in the chain: Web applications.
Web applications potentially provide direct access to valuable data. They are typically produced on a one-off basis to meet a particular requirement, inevitably some of these applications will contain security flaws. Once a flaw is found and exploited, the damage that can be done is terrifying!