DevOpsL25
DevSecOps, Detection, Defense: Stopping Hackers Before They Strike
Due to their large and complex attack surface and the difficulty in ensuring they are secure, web applications continue
to be a prime target of hackers. All it takes is a flaw in the application itself, its framework, the web server or
proxy server configuration, or even some third-party component (e.g. a JavaScript library that is embedded on each web
page) to lead to a full compromise of a host or network.
In this session, we will talk both generally about the trends in web application security and look at specific examples
of how key vulnerabilities arise (e.g. discussing how, without adequate sanitisation, tainted user input can reach
dangerous functions within some layer of the system), paying particular attention to those more subtle cases that
usually go under the radar.