Web application security. Everyone knows how important it is (and if they don’t, they should) and yet the complexity of managing services that provide it often result in, shall we say, less than holistic coverage of applications. At least that seems to be the case given some rather disturbing statistics around the rise of bots and malware, which can often be deposited thanks to some overlooked or obscure web application vulnerability. Some in the application itself, others in the platform (remember Apache Killer?), and still others in the protocols used by just about every web application in existence (HT to Heartbleed).