As IT ecosystems evolve, so do attackers. Exploitation can happen anywhere across the modern attack surface, from on-premises and cloud infrastructure to web applications. So the scope of your vulnerability risk management (VRM) program can no longer be limited to critical infrastructure.
Web apps have grown in complexity and volume over the past several years, while also becoming the attack vector of choice for threat actors capitalizing on emergent technologies. This is a trend that will only persist and evolve, so it’s crucial to extend your testing strategy to practices and languages utilized by your development team. In short: Managing your overall risk must extend to weaknesses in your applications and APIs, not just the structures on which they’re built.