There are different ways to ensure confidentiality, integrity and availability of your business-critical information. Some of them result in high costs but don’t protect your sensitive information; others could be easily implemented and address the cause of security flaws.
Firewall and infrastructure security measures like protection against denial of service attacks are highly recommended. But, when it comes to the most frequent attacks, the biggest chunk is application related and cannot be identified at the infrastructure level.
According to the security research industry over 75 % of hacks used the application layer. Therefore, software developers and security experts need to secure their business-critical applications at the root, the source code. Only when the critical security vulnerabilities, such as OWASP Top 10, were eliminated during software development could the application security risk be reduced to an acceptable level.
It is highly recommended to make application security testing or secure code analysis part of your development chain. Be proactive and avoid critical data loss!