The main difference between web applications and other types of application is that web applications don't have software or a user interface installed on the client, so the browser plays the role of client on the user's device.

In this chapter, we will focus on vulnerabilities that take advantage of the fact that the browser is a code interpreter that reads HTML and scripting code, and displays the result to users, as well as allowing them to interact with the server via HTTP requests and more recently WebSockets, an addition to the latest version of the HTML language, HTML5.