CHAPTER 1
Welcome to the Wide World of Web Application Security
Misplaced priorities and the need for a new focus
Network security versus application security: The parable of the wizard and the magic fruit trees
Thinking like a defender
The OWASP Top Ten List
Secure features, not just security features
The information technology industry has a big problem—a 60-billion-dollar problem, in fact.
Sixty billion dollars is what the global IT industry spends on security in one year. That’s more than the gross domestic product of two-thirds of the countries in the world. And it doesn’t seem as if we’re getting a lot for our money, either. Every week, there’s a new report of some data breach where thousands of credit card numbers were stolen or millions of e-mail addresses were sold to spammers. Every week, there’s some new security update for us to install on all of our work and home computers. If we’re spending so much money on security, why are we still getting hacked? The answer is simple: we’re spending money, but we’re spending it on the wrong things.