Hackers are concentrating their efforts on web-based applications - shopping carts, forms, login pages, dynamic content which are accessible 24/7 from anywhere in the world, insecure web applications provide easy access to backend corporate databases. A time to time penetration testing will help to be ahead of the hackers.