Get right to fixing the problem and keeping the attackers out.
Pay special attention to user input, which is highlighted as bold text in the code listings.
Every attack is accompanied by an updated Risk Rating derived from three components based on the authors' combined experience:
| Rating | Description |
| --- | --- |
| Popularity | The frequency of use in the wild against live targets, with 1 being rarest, 10 being widely used |
| Simplicity | The degree of skill necessary to execute the attack, with 1 being a seasoned security programmer, 10 being little or no skill |
| Impact | The potential damage caused by successful execution of the attack, with 1 being revelation of trivial information about the target, 10 being superuser-account compromise or equivalent |
| Risk Rating | The overall risk rating (average of the preceding three values) |