Over the past 18 months or so, websites have replaced email as the main source of risk for being attacked by a hacker. Websites are rich targets for bad guys because most organizations have taken significant steps to "harden" only internal applications. Very little thought, however, is being put into web-development initiatives from a security standpoint while these apps are being built. Security is typically an afterthought that is bolted on after the Web application has been built. The biggest problem is designers aren't building walls within Web applications to partition and validate data moving between parts of the system. Khalid Kark, senior analyst at Forrester, tells InfoWorld, that as a result, most websites can be easily hacked. It is an issue that is being taken on at the Open Web Application Security Project (OWASP). The organization has released a report entitled "The Ten Most Critical Web Application Security Vulnerabilities." 

Read about their findings:
- in the article in Infoworld