The URL, the tiny portal into a Web server's inner mechanics, has the capacity to render all firewall, intrusion detection systems, and proxy security technologies useless. Users have to let port 80 (HTTP) and 443 (SSL) traffic through their firewalls. They can't possibly accommodate every combination of illegal URLs and devise an IDS signature or proxy filter for attacks through these ports. In essence, all the technologies used to fight Web cyber-terror might as well be left on the shelf when it comes to Web attacks. To help identify vulnerabilities we discussed URL structures, the passing of parameters between Web browser and server, URL encoding and its potential for abuse, and finally HTML forms.