This book is a practical guide to discovering and exploiting security fl aws in
web applications. By “web applications” we mean those that are accessed using
a web browser to communicate with a web server. We examine a wide variety
of different technologies, such as databases, fi le systems, and web services, but
only in the context in which these are employed by web applications.
If you want to learn how to run port scans, attack fi rewalls, or break into servers
in other ways, we suggest you look elsewhere. But if you want to know how
to hack into a web application, steal sensitive data, and perform unauthorized
actions, this is the book for you. There is enough that is interesting and fun to
say on that subject without straying into any other territory