Abstract
For financial institutions, the risk of doing business on the Internet has recently changed dramatically as attackers increasingly target the users of such institutions directly, thus bypassing the hardened security infrastructures of these institutions.
Electronic attackers and cyber criminals have strategically shifted the security playing field to one clearly in their favor - exploiting the lack of security knowledge on the part of the vast majority of users and a large footprint of potential vulnerabilities, tools, and code to leverage and exploit.
As customers, investors, and governments hold insecure companies accountable, these companies are being held liable for client-side and user social engineering vulnerabilities. Being able to find and counter these threats must become a business imperative. This is especially true of financial institutions; people will not keep their money where they think it’s unsafe regardless of the technical specifics. The mere appearance of lax security could easily encourage otherwise satisfied customers to switch to a competitor that appears more secure.
As if the choice of playing field hadn’t already stacked the deck against the network’s defenders, the lack of tools, time and expertise makes it a truly daunting situation indeed. None of this information is new, nor is the security cliché that there is no absolute security, but novelty doesn’t imply or confer truth or effectiveness – the only absolute in security is the need for diligence. Along these lines, Cenzic believes it can assist large institutions in their efforts to increase security diligence in the area of Web application security generally, and specifically with regard to the Cross-frame Scripting Vulnerability in Internet Explorer discovered by iDefense[i].