WEB APPLICATIONS ARE AN ESSENTIAL PART of the online experience. Every day, companies roll out Web applications to increase the appeal, functionality, and interactivity of their Web sites. These applications can take the form of portals, shopping carts, Web mail, online auctions, forms, discussion groups, and more. For all the good these Web applications introduce, they also bring a host of new vulnerabilities and security threats. Malicious users may invade a Web site through "backdoor access" of an unsecured Web application, completely circumventing perimeter security measures.

This chapter details the causes of these vulnerabilities and the largest targets for Web applications. In addition, ...