Attacks on Web applications are increasing at a faster pace than before. According to a report from the Computer
Emergency Response Team (CERT), the number of successful Web application attacks has increased in recent
years. If Web application attacks continue to grow at this rate, customers' confidence in e-commerce may diminish.
As observed by Gartner, rampant attacks on Web applications make customers cautious about making online purchases
for fear of their credit information being leaked.
When companies fail to recognize application vulnerabilities, hackers attack more freely. Hackers are focusing on
Web applications for monetary gains and their attack modes are now more advanced and difficult to predict.
According to a Gartner Report, 75% of attacks today occur at the application level. A survey states that "people are
now attacking through applications, because it's easy to attack through application level."
Recent examples exhibit the unfortunate effects that companies have faced after such web application attacks.
Companies have borne the brunt of lawsuits, incurred financial losses, lost their credibility and have seen their
company secrets siphoned off.
The only way to tackle the web application security risk is to proactively look for vulnerabilities and then fix them.
Prevention is always better than correction.
Organizations should focus on identifying the risks that can:
• dismantle their core business drivers
• hamper the survivability of their mission
Shatrughan Rai is Sr. QA Engineer at Xpanxion International Pvt. Ltd., handling quality assurance activities, viz.
functional testing, security testing and database testing. He also works as an internal auditor for ISO (9001:2008) etc.
He has 5 years of experience in the field of quality assurance, ISO process setup, internal auditing and CMM-IV process
compliance assurance. Shatrughan has completed his Engineering in Computer Science from Pt. Ravi Shankar
University, Raipur, Chhattisgarh, India.
Pravin Mukhedkar is Program Manager at Xpanxion International Pvt. Ltd., handling various responsibilities,
viz. program management, account management, process consultancy, organization-wide initiatives etc. He has
worked with MNCs like Syntel, Datamatics, Tech Mahindra and Infosys in various capacities. He has over ten years of
experience in roles including Developer, Test Management, Team Leader, Project Manager,
Mentor for the SCRUM framework, Assessment Team Member for CMMI® assessment, Internal Auditor and Quality
Manager. Pravin has completed his engineering in Computer Science from Mahatma Gandhi Mission College of
Engineering Nanded, Maharashtra, India.