Why Web Application Security
Websites, web applications, and web servers are prime cyber-attack targets. Some of the most common types of attacks on web servers include SQL injection attacks, cross-site scripting (XSS) attacks, and DDoS attacks. So how can you defend against these? There are two main approaches that can help: developing applications to make them more resistant to attacks, and protecting applications using specially designed web application firewalls.
OWASP has been very active in defining techniques for writing web applications that are more resistant to such attacks.
However, not all applications are written with these guidelines in mind, so it's very important that web servers have IPS, IDS, and standard firewalls in their network to prevent attacks as well. Unfortunately, those appliances will not be able to prevent XSS attacks, SQL injection, or web session hijacking if your web applications are vulnerable to those kinds of attacks. To adequately protect web servers and applications, therefore, you should consider adding specialized web application firewalls to your network.