State of Application Security from an IT manager's perspective