The 12 most common application level hack attacks

I got an interesting paper in my email today entitled "The 12 Most Common Application Level Hack Attacks", written by Watchfire Corporation. Most developers probably know about most of these, but it was nice to see them collected in one place. In a nutshell, these are:

  • Cookie Poisoning
  • Hidden Field Manipulation
  • Parameter Tampering
  • Buffer Overflow
  • Cross-Site Scripting
  • Backdoor and Debug Options
  • Forceful Browsing
  • HTTP Response Splitting
  • Stealth Commanding
  • 3rd Party Misconfiguration
  • Known Vulnerabilities
  • XML & Web Services Vulnerabilities

The white paper also goes into some advice on how to code defensively and avoid these issues, namely:

  • Never trust any information that comes from the client, and never assume anything about it
  • It is always easier to secure simple login than complex logic

Although a bit basic, it makes interesting reading. Read the whole white paper here.
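To make the first piece of advice concrete for the cookie poisoning, hidden field manipulation and parameter tampering items, here is an added example (not from the white paper or the original post) of a server-side handler that treats every client-supplied value as untrusted. The catalog, key, field names and function names are assumptions made up for the illustration.

```python
import hashlib
import hmac

# Constructed sample data: the key, SKUs and prices are assumptions for this example.
SECRET_KEY = b"example-key-load-from-a-secret-store"
CATALOG = {"sku-100": 1999, "sku-200": 4999}  # prices in cents, held server-side
MAX_QTY = 10


def _tag(value: str) -> str:
    return hmac.new(SECRET_KEY, value.encode(), hashlib.sha256).hexdigest()


def sign_cookie(value: str) -> str:
    """Return 'value.tag' so that later changes to value are detectable."""
    return f"{value}.{_tag(value)}"


def verify_cookie(cookie: str):
    """Return the original value, or None if the cookie was modified."""
    value, sep, tag = cookie.rpartition(".")
    if not sep:
        return None
    # Compare as bytes in constant time; non-ASCII input must not raise.
    ok = hmac.compare_digest(tag.encode(), _tag(value).encode())
    return value if ok else None


def price_order(form: dict, cookie: str) -> int:
    """Compute the order total in cents from untrusted form fields and cookie."""
    if verify_cookie(cookie) is None:
        raise ValueError("cookie failed integrity check")
    sku = form.get("sku", "")
    if sku not in CATALOG:  # allow-list, never echo the client's value back
        raise ValueError("unknown sku")
    try:
        qty = int(form.get("qty", ""))
    except ValueError:
        raise ValueError("qty is not an integer") from None
    if not 1 <= qty <= MAX_QTY:
        raise ValueError("qty out of range")
    # A hidden "price" field in the form is deliberately ignored:
    # the price always comes from the server-side catalog.
    return CATALOG[sku] * qty
```
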


  1. @Riccardo: Agreed, the list was really designed for web applications. Sorry about not being clear. I’ve been working with web apps for so long now, that I have a blinkered view of the world!
