Application development and delivery (AD&D) professionals must keep security front and center when they're crafting apps that run outside of the firewall. Otherwise, they risk finding their brands plastered across the headlines and their customers fleeing in droves. A multitude of tools exists to help validate app security post development, but that's not enough. In this report, we'll show that a dev team's awareness and skills in delivering on its app's security requirements are critical from the very beginning regardless of the security tools it uses.