Every application has to live somewhere - a server, a phone, a device - an environment. Before we start worrying if we have used secure coding practises and avoided common mistakes we must secure the foundation of our application otherwise all our effort in avoiding injection or request forgery and other attacks will be for naught.
Full article