Of course there was a time before ecommerce apps. That would probably explain why I was talking about the very first perl cgis. While there's a lower barrier to entry for people to exploit security holes, there's also far more targets. Automated tools to go around exploiting the latest holes in "insert shitty PHP app here" aren't an issue for web developers who are writing their own apps. The security issues that impact web developers are the same as they have always been for all kinds of developers, input filtering, escaping output, etc. Web developers have always needed to understand basic security issues, it is just that 99% of web developers historically have been completely incompetent. This does not appear to have changed recently.