The World Wide Web is the growth engine of our decade. Because the Web has the power to make everything available to anyone, anytime, wherever they are, through whichever device, even century-old businesses are adopting Web-centric business models. Government information systems are also becoming Web-centric because they, too, realise that technology allows them to meet and exceed the expectations of citizens with lower budgets. In essence, Web applications have become vital to almost any organisation, but these applications can be dangerously weak links in the network security perimeter.
Google and Amazon are well-known examples of companies that rely almost entirely on Web applications for their business; Netflix is showing the way in the home entertainment industry, and even grocery shopping is becoming Web-centric. Social networks, such as Facebook, have introduced gaming (e.g., Farmville), image sharing (e.g., Instagram), and other Web applications that give insight into users and their activities. Businesses are increasingly adopting social media into their marketing strategies. At the same time, services like ICQ or MSN Messenger (which are much more powerful, but require additional software to be installed) are losing popularity. More and more hardware devices—from industry equipment to telephone systems—are supplied with administrative Web interfaces. Ceridian Payroll & HR and Salesforce CRM are examples of essential and highly sensitive systems built on Web applications.
Since the 90s, we have seen a steady proliferation of Web application vulnerabilities. As soon as system administrators and developers acknowledge one attack vector, a new attack vector is already being developed by hackers. Security research labs and vendors are implementing extensive testing methods to find and patch vulnerabilities.