Software applications are often the weak point in an organizations’ security. Their complexity, coupled with the inevitable business pressures during development, means security can be overlooked.

Organizations are understandably focused on ensuring that business-functional requirements are delivered by the development teams; time-to-market can be critical for application development. In this environment, it is all too easy to overlook critical flaws in design, code implementation, or underlying vulnerabilities in the commercial components that are an integral part of the application or the environment in which it operates. Attackers are only too aware of the potential weakness in applications, and application level attacks are still one of the major sources of unauthorized access to, or misuse of, systems today. By nature, they bypass traditional defenses, and are extremely difficult to detect. There is a delicate balance to be struck between functional requirements, business needs, and security risk.