The rise in advanced Web-based technologies has created vast new opportunities for collaboration and interactivity. Just a few years ago, blogging was a niche application, and "user generated content" and "mash-ups" were not in our vocabulary. Modern websites have enormous interactivity and often combine "best of breed" software and content to create a rich user experience. A single website may now be sourcing in ads from a third-party network; using third-party "widgets" to provide user functionality (such as polls or the ability to share with friends); and accepting user submitted comments, photos and videos. As the web offers more and more functionality and rich user experiences, there is an overall trend of applications moving from the desktop to the Web (through software as a service model).

The emergence of interactive, dynamic web applications, as well as the tendency of websites to combine “best of breed” software and content, has enormous implications on web security. Attackers are now targeting the medium where users spend the majority of their time-namely, websites and web applications, rather than traditional email and desktop applications-to propagate viruses and malware. Attackers take advantage of the interactivity, interconnectedness, and interoperability of the web to exploit "structural vulnerabilities" to increase the footprint and effectiveness of their attacks.