The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws. Web applications are the front door to most organizations, exposing them to. The Web Application Hacker’s Handbook (WAHH) Series is the most in-depth and comprehensive general-purpose guide to hacking web applications that is currently available.
The Evolution of Web Applications
In the early days of the Internet, the World Wide Web consisted only of web sites. These were essentially information repositories containing static documents. Web browsers were invented as a means of retrieving and displaying those documents, as shown in Figure 1-1. The flow of interesting information was one-way, from server to browser. Most sites did not authenticate users, because there was no need to. Each user was treated in the same way and was presented with the same information. Any security threats arising from hosting a website were related largely to vulnerabilities in web server software (of which there were many). If an attacker compromised a web server, he usually would not gain access to any sensitive information, because the information held on the server was already open to public view. Rather, an attacker typically would modify the files on the server to deface the web site's contents or use the server's storage and bandwidth to distribute “warez.”
Figure 1-1: A traditional website containing static information
Today, the World Wide Web is almost unrecognizable from its earlier form. The majority of sites on the web are in fact applications (see Figure 1-2). They are highly functional and rely on two-way flow of information between the server and browser. They support registration and login, financial transactions, search, and ...