Just as with a traditional desktop application, web applications have varying levels of risk. A personal home page is much less risky than, for example, a stock trading web site. For some projects security, software bugs, etc. are major issues. If time to market, or technical complexity is a concern, documentation, test planning, change control, requirements analysis, architectural description and formal design and construction practices can mitigate risk.