The most prominent components of web applications that intruders will first seek to exploit are vulnerabilities within the web platform. The web platform is comprised of common (not necessarily commercial!) off-the-shelf (COTS) software that sits atop the host operating system but below the custom application logic. The web platform commonly includes:

• Web server software (such as IIS or Apache)

• Extensions to the web server, such as ISAPI filters and extensions, or Apache modules

• Dynamic execution environments like ASP.NET, PHP, and J2EE (also referred to as application servers)

• Services and daemons, such as user forums or web guestbook packages

In contrast to our definition of the web platform, we consider ...

Get Hacking Exposed Web Applications, Third Edition, 3rd Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.