The one thing that has been proven over the last couple of years is that even though the web is a wonderful place, it can be dangerous as well. Different types of bad guys from around the world will try to get into systems where they don’t belong, and they will use any method they can to achieve those goals. That is why you have to be on guard at all times: you never know how they are going to try to get in.
When you have anything connected to a public server, it pays to make sure that it is safe from outside influence. This is especially true for the new generation of web 2.0 applications. The bad guys find holes in these types of systems all the time, because a lot of people who make web 2.0 software are not aware of the many holes their applications can expose to the public. Sure, they might know about SQL injection or an XSS attack, but those are only the basics that you should be worried about. There are many more attacks that can come against your web app.
This is why you need a professional pen tester to come and test your app and the server that it is on. The term pen tester means penetration tester. Their job is to act like a black hat hacker and try to penetrate your system. If they are successful, that means you have a hole or two that you need to patch up quickly. If they are not successful, that means either you have successfully secured your web app or they only covered the basics. Most pen testers are true professionals, so it is most likely the former.
Web apps tend to have a lot of security holes in them. Make sure yours is safe by bringing someone in to test it. It is better to be safe than sorry.