Current web applications exist in an environment markedly different from the early days of businesses entering the Internet. They have become essential tools interconnecting organizations in ways never anticipated when the first web browsers were designed. These changes have occurred so rapidly that, in many ways, we've failed to adapt operational processes to meet current needs. This is particularly apparent with web application security, where although most organizations have some security controls in place, few organizations have comprehensive web application security programs.
This detailed report shows how to build a pragmatic web application security program that constrains costs while still providing effective security.