Recent research suggests the average user has some 70 or 80 online accounts. Business users may have twice that number. This simply demonstrates the huge volume of web applications, along with exponential growth in the number of transactions. To that extent, proper Security Testing of Web Applications is now an essential aspect of an organisation's web presence.
Ultimately, the aim of Application Security Testing is to check whether confidential data stays confidential (i.e. it is not exposed to individuals or entities for whom it is not meant) and whether users can perform only those tasks that they are authorized to perform.