What is it? Hackers are focused on revenue. In pursuit of it, compromising databases and data aggregations has become a significant attack objective. Miscreants are using tools to find vulnerabilities in applications and web services.
How does it work? Because of the security industry's collective work on securing operating systems and perimeter defences, hackers are now "moving up the stack" to the application layer. For example, the PHP (Hypertext Preprocessor) interpreter and applications written for it have become notorious for their security vulnerabilities and for the successful attacks against them. As Web Services 2.0 and Ajax programming gain more traction, security experts and hackers have turned their attention in this direction.
Should I be worried? The application layer is more complex and varied than the lower layers of the stack. Every database, website, form, SOAP interface and other application is vulnerable, even though it may pass a vulnerability scan.
How can I prevent it? Improving training for developers, enhancing discovery and directed assessments of applications, restricting unnecessary functionality, making more judicious use of logs and alarms, and employing a good incident response plan are all basic security practices.