Web application security issues are an imminent and growing threat. Caused primarily by security bugs in an application's code, Web application security vulnerabilities can allow an online banking client to see another client's data. They can let hackers run queries on an application's back-end database, and possibly even take over the Web server itself.

Most organizations leave the discovery of Web application security issues to a dedicated security team, which tests the applications before they go live. Fixing the found issues then requires those teams to push the issues back to developers to perform a full iteration of late code changes, resulting in very high costs to fix what are often the simplest security bugs.

This paper focuses on the role developers can play in solving this problem, and it details how IBM Rational® AppScan® Developer Edition software can enable them to do so.