1Whodunit? Finding Security Vulnerabilities in Application Code
4Hands Off the Database
SQL injection is one of the most popular vectors of attack. When executed, the SQL statement fetches a different set of results from the database than the application would have originally requested. The attacker gains unauthorized access to or manipulates the data residing in the database on the server.
6Solving Cross-site Scripting
In this case, moving the <title> to after the <meta> tag prevents XSS attacks that trick the browser into using UTF-7 to decode the payload when the page should be actually rendered as UTF-8.