Security professionals understand the importance of finding and eliminating application vulnerabilities. Yet, based on the rate of exploitation of vulnerable websites, it appears that web application protections have been neglected, because of underfunding or lack of focus. Convincing management to spend on something as ethereal as security requires metrics and tools that demonstrate the efficiencies that secure web application management provides. This paper will:Provide tools and techniques that demonstrate need for better application security;.Help determine the appropriate level of investment.”]

