In addition to ActiveX, many technologies are prone to repurposing attacks. Some requests for external data (such as SQL statements and SOAP requests) can be harmful if an attacker can coerce a victim into making requests the attacker specifies. In some cases, the request for external data isnt harmful, but the ability to store that data through repurposing can allow an attacker access to privileged information. Because messages in the Windows operating system can be sent to any application, these messages can also be repurposed. Sometimes a repurposing attack is prevented or mitigated in the client; other times it is prevented on the server receiving the potentially repurposed data. Sometimes an attack isnt prevented at all. Using the tips in this chapter, you can help identify these issues and ensure they are correctly fixed.