The topic of Web threats is one that you could spend an entire book discussing, and lots of thick and juicy books out there are doing just that. This chapter doesn’t attempt to cover all that information and earns its keep in this book by showing you how to get started penetration testing your organization for Web threats. It examines common Web threats from three different angles—the client level, the server level, and the service level—as shown in Figure 24-1.

Figure 24-1. Common Web threats from three perspectives.

This chapter also describes countermeasures and provides tests to verify that those defenses have teeth—sharp ...