When you hear talk about Web application security, there is a tendency to immediately think about attackers defacing Web sites, stealing credit card numbers, and bombarding Web sites with denial of service attacks. You might also think about viruses, Trojan horses, and worms. These are the types of problems that receive the most press because they represent some of the most significant threats faced by today's Web applications.
These are only some of the problems. Other significant problems are frequently overlooked. Internal threats posed by rogue administrators, disgruntled employees, and the casual user who mistakenly stumbles across sensitive data pose significant risk. The biggest problem of all may be ignorance.
The solution to Web application security is more than technology. It is an ongoing process involving people and practices.