The document discusses various web application security vulnerabilities such as hidden field manipulation, parameter tampering, cross-site scripting, and SQL injection. It provides examples of how attackers can exploit these vulnerabilities and recommendations for developers on how to prevent attacks, including sanitizing user input, encrypting cookies, and validating parameters.
3. Anatomy of a web application (Sanctum systems)
[Diagram: tiers of a web application, from the user's browser down to the data store]
- Browser: user interface code; custom code, e.g. HTML, forms, JavaScript
- Web server (front-end systems): off-the-shelf application, e.g. WebSphere; custom code, e.g. servlet, JSP, ASP
- Backend systems: applications, e.g. SAP, Oracle
- Database: applications, e.g. Oracle, DB2
- Data
Valid input flows from the browser through these tiers to the data.
4. Web application threats
[Diagram: the same tiers as the previous slide, with invalid input entering from the browser and reaching the code and data at each tier: web server, front-end system, backend system, database]
Flaws in the code, web server, front-end system, backend system or database result in unauthorized access to privileged accounts, the OS, the network, or sensitive data, and may result in denial of service.