Chapter 4. Major Flaws in Web Applications
In Chapter 1, Introduction to Penetration Testing and Web Applications, we discussed the architecture of web applications and how the three layers, presentation (web server), application, and data access, need to work together to provide a seamless experience to the end user. The browser at the user's end also plays a critical role in displaying the requested web page to the user. A flaw at any level can make the web application unstable and prone to attacks from malicious users.
A vulnerability at the data access layer is considered the most critical flaw, as it can expose the entire set of data stored there, which might contain personal information and passwords. Access to the database has to be strictly guarded against attacks. The application layer is where you will find the majority of flaws caused by programming errors, and we will go through several of those flaws, for example, server-side scripting...