Good article on the fact that many organizations rely too heavily on Penetration Testing (AppScan, Web Inspect, Etc) and not enough on other technologies.

A good approach towards Application security is multi-faceted. Whitebox, blackbox, and various other techniques INCLUDING training your developers!

read more on this article by  clicking here