Web Application Security: An Overview
Web developers typically do not have any formal training in the area of security and their priorities usually lie elsewhere. Business functionality and meeting tight deadlines are typically the focus areas of developers and security is often forgotten, or at most, an afterthought. This leaves the door wide open for attackers to discover vulnerabilities and exploit them to gain access to sensitive data.