OWASP
Input Validation Attacks

Accepting input from users on the Internet or even an Intranet is fraught with danger. The correct way to design an application is to only accept input in a format you are expecting and can process, rejecting all other input.

The default way to design is, of course, to allow all, and needless to say most applications choose to filter specific things in an attempt to prevent certain types of problems. The common attacks that exploit inadequacies in input filters are listed in this section. They range from allowing users to directly make calls to the back-end databases, to users being able to steal other users' credentials through attacks like cross-site scripting. There is a long history of these problems, yet they are still common. A slew of these sorts of attacks have recently been discovered in high-profile commercial applications like Entrust.

Hackers will typically try all user input form fields for these problems.


Input Validation
Client Side Validation
Cross-Site Scripting
Direct OS Command
Direct SQL Commands
Path Traversal
Meta Characters
Null Characters

Canonicalization
Case Sensitivity
Unicode Encoding
URL Encoding
File System/OS Specific Issues
Extension Handling
MIME Handling

Parameter Manipulation
Cookie Manipulation
Form Field Manipulation
HTTP Header Manipulation
URL Manipulation

Authentication & Session Management
Brute Force
Infrastructure Authentication
Session Hijacking
Session Replay

Configuration Management
Default Accounts
Vendor Patches

Cryptographic
Key Space
Chosen Plaintext
Known Ciphertext
Random Number Generation
Weak Algorithms

Open APIs
Public Interfaces

Overflows
Heap Overflow
Stack Overflow
Format Strings

Informational and Privacy
Client-Side Comments
Debug Commands
Error Codes
File/Application Enumeration
Browser Cache
Browser History
