@shmVirus

Common Attack Classes

Injection, XSS, CSRF, broken authentication, and the OWASP Top Ten in practice.

Most web application vulnerabilities fall into a small number of well-understood categories. This chapter walks through the OWASP Top Ten, with demonstrations of SQL injection, cross-site scripting, cross-site request forgery, and insecure direct object references — and the defensive patterns that prevent each.