This book is a practical guide to discovering and exploiting security flaws in web applications. By “web applications” we mean those that are accessed using a web browser to communicate with a web server. We examine a wide variety of different technologies, such as databases, file systems, and web services, but only in the context in which these are employed by web applications.