That's good advice, and we already do all this--controls for regular system updates, definitions updates, input sanitizing, firewalls, permissive IDS, user access controls, backups, a disaster recovery location, quality control procedures, and periodic reviews for everything mentioned above all controlled by 2 system admins who have combined more years experience than years I have walked this planet. To continue with the war analogy--we want to make sure we're secure within our gates/borders. I know this is in fact a process, and I'm wondering just what tools are out there to test scripts/code for vulnerabilities (XSS, injection attacks, etc.).