Web applications are one of the most prevalent
platforms for information and services delivery over Internet
today. As they are increasingly used for critical services, web
applications become a popular and valuable target for security
attacks. Although a large body of techniques have been developed
to fortify web applications and and mitigate the attacks
toward web applications, there is little effort devoted to drawing
connections among these techniques and building a big picture
of web application security research.