Web applications account for almost 40 percent of vulnerability disclosures; this makes them a popular vector for attack. Scanning in-house and third party applications throughout the development process can uncover critical vulnerabilities, but it takes time to address flaws that are found. Paul Kaspian, Market Segment Manager, Network Security, and Karl Snider, Market Segment Manager, Application Security, discuss the merits of adopting a multi-layered defense strategy for web applications, combining application security testing with real-time protection.