Hackers are concentrating their efforts on attacking applications in your website: 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Web applications are accessible 24 hours a day, 7 days a week and control sensitive data such as customer details, credit card numbers and proprietary corporate data.
Firewalls, SSL and locked-down servers are futile against web application hacking
Any defense at network security level will provide no protection against web application attacks since they are launched on port 80 - which has to remain open. In addition, web applications are often tailor-made, therefore tested less than off-the-shelf software, and are more likely to have undiscovered vulnerabilities. Manually auditing a website for vulnerabilities is virtually impossible - it needs to be done automatically and regularly.