In the world of information security, small businesses and their security needs are often overlooked, particularly in the realm of application security. When you look at the investment required to build a robust application security program, it really doesn’t make sense financially for a small company. For example, take an “enterprise” scanning tool, add the required hosting infrastructure and the salary for a security specialist, and, for the sake of argument, tack on static analysis: the total cost will easily exceed $120,000/year, which is decidedly cost-prohibitive for a lot of smaller companies. This presents a significant problem because, as an attacker, well, hacking the little guys is easy. Simply put, when it comes to handling attacks and incidents, small companies are at a significant disadvantage, as they frequently lack even one security specialist, let alone a dedicated security team. So what’s the best way to maintain a secure infrastructure without breaking the bank?