Web Application Security
Web application security is an essential component of any successful project, whether an open source PHP application, a web service such as straight-through processing, or a proprietary business web site.
Hosting providers (rightly) shun insecure code, and users shun insecure services that expose them to fraud.
If security is built in from the earliest stages, a secure application costs about the same to develop as an insecure one, and is far cheaper over its lifetime.
Unlike the lower layers that other controls protect (firewalls, host lockdowns), the web application is where the money and the personal data are: a skilled attacker can get rich there, or make a victim's life a complete misery. At the application layer, the top of the OSI model, traditional firewalls and other network-level controls simply do not help, because a malicious request arrives over the same port and protocol as a legitimate one. The application itself must be self-defending.
Web application security spans every form of issue, from old hoary chestnuts such as SQL injection, through modern concerns such as AJAX, phishing, credit card handling, session fixation and cross-site request forgery, to compliance and privacy issues.
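The following Python is an added example, not code from the original page, that makes the "self-defending application" point concrete using the SQL injection the page calls an old chestnut. The attacker's input is an ordinary form field in an ordinary POST, so nothing below the application can distinguish it from a legitimate login; only how the application builds its query decides the outcome. The schema, user rows and function names are constructed for this illustration, and passwords are stored in plaintext purely to keep the demonstration short (a real application stores password hashes).

```python
import sqlite3


def build_db() -> sqlite3.Connection:
    """Constructed sample database: an in-memory SQLite users table.
    Hypothetical schema and rows, not taken from the original page."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "correct horse", "admin"), ("bob", "hunter2", "user")],
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str):
    """Builds the query by string concatenation: the classic SQL injection hole.

    Both arguments are exactly what a firewall sees as harmless form fields.
    Returns the username that matched, or None when no row matched."""
    sql = (
        "SELECT username FROM users WHERE username = '"
        + username
        + "' AND password = '"
        + password
        + "'"
    )
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(conn: sqlite3.Connection, username: str, password: str):
    """Same check with a parameterized query: user input never becomes SQL syntax."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


def demo() -> dict:
    """Runs the same attacker input through both implementations.

    The payload "alice' --" closes the string literal and comments out the
    password clause, so the vulnerable query logs the attacker in as alice
    with any password. Returns the outcome of each variant."""
    payload_user = "alice' --"
    payload_pass = "anything"
    return {
        "legit_vulnerable": login_vulnerable(build_db(), "alice", "correct horse"),
        "attack_vulnerable": login_vulnerable(build_db(), payload_user, payload_pass),
        "legit_safe": login_safe(build_db(), "alice", "correct horse"),
        "attack_safe": login_safe(build_db(), payload_user, payload_pass),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The network layer cannot fix this: the attacking request is well-formed HTTP carrying two short strings, indistinguishable from a typo in a password field. The only difference between the two outcomes is whether the application treats input as data (bound parameters) or lets it become part of the SQL statement.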