With all the chatter about the performance and scalability of an application, and the best practices to ensure an application is stable in the enterprise environment, we have covered a lot. We got to learn about how important the user experience is to make an application successful inside an enterprise. But do you think we are missing something here?

Imagine that we had all the components for building a successful enterprise application and that we were able to make it scale, while also providing a decent response time to the user with the fewest deviations from the expected behavior. However, it's easy for anyone to just access the records from our application. What if there are loopholes that allow a user to gather sensitive data from the application without even performing a login? Yes, that's the missing link: the application security. Inside an enterprise, the security of an application is a really big factor. An application that is not secure may leak sensitive and confidential data to unintended parties and can also wreak legal havoc on the organization.

Application security is a big topic and even a 500-page book might not be enough to cover the topic in depth. But over the course of this chapter, we will go through a quick primer of how to handle application security and make our users feel secure while using our application.

As a reader, by the end of this chapter, you will have learned about the following:

• The importance of enterprise application security
• Different types of attack vectors that are used to breach application security
• Common mistakes in application development giving rise to breaches
• Making your application secure