Pick your favorite cliche or metaphor you’ve heard regarding the Web. The aphorism might carry a generic description of Web security or generate a mental image of the threats and risks faced by and emanating from Web sites. This book attempts to cast a brighter light on the vagaries of Web security by tackling seven of the most, er, deadliest vulnerabilities that are exploited by attackers. Some of the attacks will sound very familiar. Other attacks may be unexpected, or seem uncommon simply because they aren’t on a top 10 list or don’t make headlines. Attackers often go for the lowest common denominator, which is why vulnerabilities such as cross-site scripting (XSS) and Structured Query Language (SQL) injection garner so much attention.
Determined attackers also target the logic of a particular Web site – exploits that result in significant financial gain but have neither universal applicability from the attacker’s perspective nor universal detection mechanisms for the defender.