A very long paper on web application security threats has been released by honeynet.org. If you’re
curious about web application security, this document is a good place to start for the overall picture.
"With the constant growth of the Internet, more and more web
applications are being deployed. Web applications offer services such
as bulletin boards, mail services such as SquirrelMail, online shops,
or database administration tools like PhpMyAdmin. They significantly
increase the exposed surface area by which a system can be exploited.
By their nature, web applications are often widely accessible to the
Internet as a whole meaning a very large number of potential attackers.
All these factors have caused web applications to become a very
attractive target for attackers and the emergence of new attacks. This
KYE paper focuses on application threats against common web
applications. After reviewing the fundamentals of a typical attack, we
will go on to describe the trends we have observed and to describe the
research methods that we currently use to observe and monitor these
threats. In Appendix A, we give actual examples of a bot (a variant of
PERL/Shellbot), the Lupper worm and an attack against a web Content
Management System (CMS) as examples that show how web application
threats actually act and propagate."
Article Link: http://www.honeynet.org/papers/webapp/index.html