Due to the increased use of web applications as business workhorses and as targets for threat actors, securing web applications is just as essential as the capabilities of the web applications themselves. This paper explores the threats organizations face - from hackers exploiting private data and from their defenses against those attacks falling too far behind.