Web application security matters, even without a compliance mandate

Jeremiah Grossman, the CTO of White Hat Security, has been at the forefront of documenting the dangers of Web application security.

As he points out on his blog, however, state and federal regulations are lagging behind in addressing Web application security, even though many enterprises are increasingly being targeted online. While the Massachusetts data protection law addresses many security controls, as Grossman observes in his blog, there’s nothing in the regulation that specifically addresses the area .

That doesn’t mean that an enterprise might not be held accountable for a data breach that results from a Web application exploit. In the presentation below, which Grossman shared at the RSA Conference, he offers his top 10 Web application security hacks — and some ideas on how to address them.