Application security testing has been around for a long time, yet applications continue to be a lucrative target for attackers. CIO magazine summarized the top attacks in, “What is a cyber attack? Recent examples show disturbing trends.” Four of the top six attacks were application based. One of the most infamous, WannaCry, exploited a vulnerability in Microsoft Windows using code that had been secretly developed by the United States National Security Agency. Microsoft had already patched the vulnerability a few weeks before, but many customers had not updated their systems. Similarly, the Equifax attack was targeted at their website application by exploiting a known vulnerability in common third-party code (Apache Struts2). The flaw made it possible for the attacker to send malicious commands that enabled access to files with sensitive data.