6


Web Application Vulnerabilities
Without any protection,
holes and backdoors exist at every layer waiting to be exploited
Web Server                                              
User Interface Code                               
Front end Application                             
Backend Application                             
Database                                         
Data                                               
Invalid Data can exploit weakness in the application acting as escape holes resulting in access to unauthorized accounts, O/S network, sensitive data  and may even result in an application denial of service
Valid Input
HTML/HTTP
Browser
Invalid Input
HTML/HTTP
Each layer of the application has its own unique vulnerabilities. A vulnerability fixed at one layer may still be exploited at another layer. An exploit at any layer of the application effects the integrity and behavior for the entire application