Web application vulnerabilities have become a major concern in software security. This paper will present major attack patterns, i.e. SQL injection, cross-site scr ipting, cross-site request forgery, Javascr ipt hijacking, and DNS rebinding, together with a survey and assessment

of the countermeasures available to web application developers.