This document discusses various types of web application attacks. It notes that custom vulnerabilities can exist in web applications regardless of the underlying operating system or web server configuration. These vulnerabilities are easy to exploit through a web browser but difficult to detect and defend against at the perimeter level, as they require fixing the underlying application code. Specific attacks discussed include SQL injection, which can allow attackers to indirectly access database content, and cross-site scripting vulnerabilities.