To remain in business, companies rely on perimeter security to protect, among other, their “secret sauce” recipe and the confidential information of their customers. To this end, information security vendors offer different types of defenses. The intent is commendable and the organization then feels confident, warm and cozy behind its firewall. However, there is something fishy. Businesses put up a variety of web applications on the Internet (thus accessible by everyone - including malicious actors) to offer different services. These applications can take many shapes, from transactional Web sites, to mobile applications or Web services. With them, the appropriate security question becomes: beyond securing the infrastructure, how can one defend these applications against hackers? The answer is: the proper design of the application’s source code. There you have it: application security.