This document discusses various web application attacks including session hijacking, code injection, cross-site scripting (XSS), pharming, and URL spoofing. It provides details on how each attack works, examples, and potential defenses. Session hijacking involves stealing valid session IDs to take over user sessions. Code injection involves introducing malicious code via data inputs. XSS involves injecting client-side scripts to bypass access controls. Pharming and URL spoofing involve redirecting users to fake websites to steal login credentials.