Chapter 23. Common Attacks and Solutions

There are many ways that your Web applications can be attacked. It is almost impossible to anticipate all of the types of attacks your application will endure, but you can ensure that you are protected against some well-known attacks by applying the industry’s best programming practices, some of which are described in the previous chapter, “Programming Practices.”

In addition, by considering certain types of attacks in the context of your own applications, you will likely be able to prevent them. Most vulnerabilities exist because the developer failed to consider a particular scenario.

This chapter examines a few of the most common types of attacks that Web applications must endure and discusses approaches to protect against these attacks. In most cases, the design of your application is the most important step in protecting against attack, although many people unfortunately only assess security risks once an application has been developed. The best approach is to analyze potential risks and incorporate your expertise into the initial design of your applications.