Custom web applications are a common security target. Web application attacks launched on port 80/443 bypass all firewalls, OS, and network level security, going directly to your installed applications and business data on your network. Dynamic web technologies like AJAX and application communication delivered by SOAP or similar web services are also particularly vulnerable to malicious manipulation. In short, the more complex a technology is, the more likely it can be hijacked to perform really intrusive, damaging actions. Consequently, regulatory organizations like PCI, FFIEC, NERC CIP, and FISMA now mandate a company secure all web applications from potential attacks. Cautela Labs has developed a service focused specifically on this space focused on Web App Vulnerability Scanning and Web Application Firewall.