Application security is at the heart of Payment Card Industry (PCI) security standards and requirements. Identity theft, data leakage, phishing, SQL injection, worms, and botnets just scratch the surface. Application security needs to be taken seriously and this means, investing the time, effort, and resources to do it right. PCI DSS requirement 6.6 requires organizations that process credit card transactions to address the security of web applications, either via manual or automated source code reviews or vulnerability scans, or via the installation of a web application firewall.”]