A web application security breach means different things to different people. To some it could mean having attackers exploit a vulnerability that allows them to deface their website. To some it could mean cracking web passwords – or capturing them over an unsecured wireless network – and using the account credentials for ill-gotten gains. While others might define a web application security breach as having malware planted that infects visitors to their website.
As with physical disasters, health problems and the like, everyone has their own definition of “bad”. Regardless of how you view website breaches, you need to understand the threats, the known weaknesses and the potential for risk. Often the people who are disconnected from one or more of these components are the ones who get bitten. Their guard is always down and that’s exactly what the bad guys are looking for.