So, are you still with me? This chapter contains a huge amount of information, and you will undoubtedly want to test many of these configurations within your environment. If you have any questions concerning the information presented in the Threat Classification, or web security questions in general, you can contact the Web Security Mailing List, which is maintained by the Web Application Security Consortium (WASC) members. Please visit the WASC web site for mail-list information: http://www.webappsec.org.
The main goal of this chapter was to present the different types of threat categories that are present when offering web applications to the public. In addition to presenting the threat definitions and examples, I also provided you with practical mitigation strategies if you are using Apache as the front-end web server for your applications.
Moving on, the next chapter will take the concepts that we have discussed in this chapter and apply them to a demonstration web application called Buggy Bank. This application simulates many of the web application vulnerabilities that we have discussed in this chapter and provides us with a great tool to apply our new mitigation techniques.