The Web Application Hacker's Handbook
Second Edition.
Finding and Exploiting Security Flaws.
By Dafydd Stuttard.
Chapter 1
Web applications are everywhere.
The most common web vulnerabilities:
- Cross-site scripting
- Cross-site request forgery
- Information leakage
- Broken access controls
- Broken authentication
- SQL Injection
Chapter 2
Most web apps enforce security through three core mechanisms: authentication, access control and session management.
As a general rule, treat all user input as untrusted. Always validate the INPUT and encode/sanitize the OUTPUT.
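An added example (not code from the book or these notes) of the input/output rule above in Python: validate input against an allowlist, then encode it for the HTML context on the way out. The allowlist rule for a display name is a constructed one for this example; the unsafe renderer is kept beside the safe one to show the sink that output encoding closes.

```python
import html
import re

# Constructed allowlist for a display name: letters, digits, spaces,
# apostrophes and hyphens, 1-40 characters. Real fields need their own rule.
DISPLAY_NAME_RE = re.compile(r"^[A-Za-z0-9 '\-]{1,40}$")


def validate_display_name(value: str) -> bool:
    """Input side: reject anything outside the allowlist rather than
    trying to strip "bad" characters out of it."""
    return DISPLAY_NAME_RE.fullmatch(value) is not None


def render_greeting_unsafe(name: str) -> str:
    """Echoes the raw value into HTML: a reflected XSS sink."""
    return f"<p>Hello, {name}!</p>"


def render_greeting(name: str) -> str:
    """Output side: validate first, then HTML-encode on output.
    Encoding is still needed for valid input: O'Brien passes the
    allowlist but the apostrophe must not reach markup verbatim."""
    if not validate_display_name(name):
        raise ValueError("display name rejected by input validation")
    return f"<p>Hello, {html.escape(name, quote=True)}!</p>"


def demo() -> dict:
    """Runs both renderers over a benign and a hostile value."""
    results = {}
    for value in ("O'Brien", "<script>alert(1)</script>"):
        results[value] = {
            "valid": validate_display_name(value),
            "unsafe": render_greeting_unsafe(value),
        }
    return results


if __name__ == "__main__":
    for value, out in demo().items():
        print(repr(value), out)
    print(render_greeting("O'Brien"))
```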
Handling attackers:
- Handling errors
- Maintaining audit logs
- Alerting administrators
- Reacting to attacks