Understanding technical security risk begins with knowing how and where vulnerabilities occur within an organization. Vulnerabilities can impact every level of enterprise infrastructure from hardware to network to software (both old and new). These vulnerabilities are the gateway that malicious actors use to circumvent security protections and steal or alter data, deny access, and compromise critical business processes. Increasingly, the entry points for attackers are Web applications. Long‑standing vulnerabilities like cross‑site scripting are still not being corrected in development or deployment. Almost half of the Web applications tested during 2012 were susceptible to cross‑site scripting, a threat that’s been around almost as long as the Web itself. 1 Simply put, application developers are not taking care of their data in how it’s stored, gathered, or retrieved.