Whether it be web services, software or APIs, each allows applications to expose programmatic interfaces that can be used by applications. These web services are often hosted on an internal network, but with the increasing popularity of mobile or web applications, many web services are being exposed to the Internet. These factors individually or combined, increase the number of threats targeting your information, meaning they should be included in any vulnerability analysis.
Web applications (webapps) are increasingly the target of attacks, as the world relies more and more on the internet. Much like how traditional software is built with the best intentions and by software developers with varying skill sets, there will always be hackers that will try and find some flaw, no matter how small or trivial.
In light of this fact, there have been respectable organisations that outline industry standards and guidelines for webapp best practices. Such guidelines practical attempts at mitigating the attack surface webapps.
Mobiles & VoIP
Mobile applications are universal and cross platform (i.e. Android/Apple) and are often used to access corporate information and functionality. Due to this, mobile applications can present serious security exposures, including insecure storage and transmission of corporate information or exposure to these same elements due to platform-specific vulnerabilities on hand-held devices.