As we have seen, there are a wide variety of ways in which attackers can exploit web applications. Many of the available attack surfaces provide miscreants with the ability to carry out several different types of attacks. Attackers, it turns out, are not all motivated by the same end goals. Some attack for profit, others for fun, others for revenge, and some are in the business of collecting end-user systems that can later be rented out to attackers for nefarious purposes.

The end goal of the attackers – the human part of the equation– is outside the scope of this book. The technical reasons for attacks will be the focus of this chapter.

There are three distinct threat vectors for applications upon which attackers ...

Get Web Application Security is a Stack: How to CYA (Cover Your Apps) Completely now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.