Web application security is always never far from the headlines in the computer security world. Makes sense really as the Internet is largely based upon websites. Those very same websites are more often then not the focal point of many attacks from various miscreants, both skilled and unskilled. Not just the websites themselves either, but often the back-end databases that support them. There is an incredible array of skills, and knowledge that one needs to be good at before you can competently practice web app security.
You need not only know all about PHP, ASP, PERL, Python, SQL, amongst others, but also the protocols that these transactions rely upon. This area of computer security can no longer really be called a niche area. It is becoming larger and larger every year as websites become more attuned to the online threats facing them. You would be a wise person indeed if you began to move your skillset in this direction. Doing web app security is not only fun, it can also be a very lucrative career. Any of you guys do it for a living?