Static application security testing: Difference between revisions

Overview: fix serious wording error
Tags: Mobile edit Mobile web edit Advanced mobile edit
Line 132:
}}</ref>
 
Since late 90s, the need forto adaptabilityadapt to business challenges transformshas thetransformed software development into awith componentization of software.<ref>
{{Cite journal
|last1=Booch |first1=Grady
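Review bot: the opening of the rewritten sentence, "Since late 90s", still lacks its article and would read better as "Since the late 1990s". The new ending "with componentization of software" also repeats "software" from "software development" a few words earlier, so it could be trimmed to "with componentization".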
Line 158:
|publisher=Information Systems Management
|doi=10.1201/1078.10580530/46108.23.3.20060601/93704.3
}}</ref>.
Following the flawflow of data amongbetween all the components of an application or group of applications allows tovalidation validate thatof required calls to dedicated procedures for [[Code_injection#Preventing_problems|sanitization]] and that proper actions are taken to taint data in specific pieces of code.<ref>
{{Cite journal
|last1=Livshits|first1=V.B.
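Review bot: in the sentence beginning "Following the", the object of "allows" is no longer parallel after the change: "validation of required calls ... and that proper actions are taken" joins a noun phrase to a "that" clause. Suggest keeping one construction throughout, for example "allows validating that the required calls to dedicated sanitization procedures are made and that proper actions are taken to taint data in specific pieces of code". Separately, the sentences end with a period before the opening ref ("software.<ref>", "code.<ref>") while the closing lines read "}}</ref>.", so each reference is followed by a second period; one of the two should be dropped.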
Line 181:
|doi=10.1109/SP.2006.29
|isbn=0-7695-2574-1
}}</ref>.
 
The rise of web applications implied a focus onentailed testing them: it is reported by Verizon Data Breach reports that 40% of all data breaches{{when}} were achieved usinguse web application vulnerabilities.<ref>{{cite web |url= https://enterprise.verizon.com/resources/reports/2016/DBIR_2016_Report.pdf |title= 2016 Data Breach Investigations Report |date = 2016}}</ref>.
AtAs thewell opposite ofas external security validations, there is a rise in focusingfocus on internal threats. It is reported by theThe Clearswift Insider Threat Index (CITI) has reported that 92% of their respondents in a 2015 survey thatsaid they had experienced IT or security incidents in the pastprevious 12 months and that 74% of these breaches were originated by insiders.<ref>{{cite web |url= http://pages.clearswift.com/rs/591-QHZ-135/images/Clearswift_Insider_Threat_Index_2015_US.pdf |title= Clearswift Insider Threat Index (CITI) |date=2015}}</ref>. Lee Hadlington categorized internal threats in 3 categories: Maliciousmalicious, Accidentalaccidental, and Unintentionalunintentional. Mobile applications' growingexplosive explosivelygrowth implies securing applicationapplications earlier in the development process to reduce malicious code development.<ref>
{{Cite journal
|last1=Xianyong|first1=Meng
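Review bot: in the Verizon sentence, "40% of all data breaches{{when}} use web application vulnerabilities" turns a figure cited to a report dated 2016 into a present-tense general claim while the {{when}} tag remains; putting the year in the text (for example "according to the 2016 report, 40% of data breaches used web application vulnerabilities") would resolve the tag and keep the statistic dated. In the Clearswift sentence, "74% of these breaches" has no antecedent, because the preceding clause speaks of "IT or security incidents", and the Lee Hadlington categorization has no reference in the visible lines.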
Line 198:
|doi=10.1109/ISNCC.2018.8531071
|isbn=978-1-5386-3779-1
}}</ref>.
 
==SAST strengths==