It is surprising that this problem remains unsolved. It is an old problem that almost every security expert knows, but fixing it is not as simple as it might initially seem. The problem becomes more complex when a network of hackers (security experts) and cyber-criminals exploit those vulnerabilities and publish them on social networks; once that happens, the problem has two sides: reputational and security.
Finally, failing to protect our web applications successfully could mean exposing our customers, employees or sensitive information, with a cost or impact for our company.
Can we assert that our web application is secure?
Verizon's widely followed Data Breach Investigations Report shows that web application attacks are now the leading source of breaches, up 500 percent since 2014. Meanwhile, according to Gartner, businesses are still spending 95 percent of data centre security budgets on perimeter security, so less than five percent is spent on securing directly against web application attacks. This balance needs to shift. As much as perimeter and end-point security are needed, there needs to be a seismic shift of focus to investing in protection for web applications across their full infrastructure stack.