We may take a lot of efforts in securing the application. However applications cannot work in isolation. Running an application, requires a lot of supporting components such as web server, database server, and more. If the application isn't securely configured with all these supporting components, many vulnerabilities will be opened for potential attackers. So, the application should not only be developed securely, but should also be deployed and configured securely.