Were there any significant findings in the 2012 Verizon Data Breach Investigations Report that indicate what is or isn't working in Web application security? Other than "Get a Web application firewall," what did you see as the important takeaways from the Verizon report?