The most insidious computer attacks that we know of are those discussed in this chapter. They exploit vulnerabilities that you have little or no control over and that are incredibly difficult to discover and fix. They are the security vulnerabilities built into commercial software applications such as Microsoft's Internet Information Server (IIS), Oracle's Database servers, and Sun's Java Web Server. You cannot find and fix those vulnerabilities yourself. Unlike your own homegrown Web applications, commercial applications are controlled by an outside vendor, and you usually have virtually little ...