



  • Essay / Web Server Application Attacks - 777

    Introduction

    There are more web application vulnerabilities than can even be counted, and they have become so widespread that most hacking sites have tools that you can download to scan for, find and exploit these vulnerabilities. This makes it very easy for even a novice hacker to exploit them. Three common web application vulnerabilities and attacks are: username enumeration, security misconfiguration, and SQL injection.

    Three common web application vulnerabilities and attacks

    Username enumeration is my number one common web application vulnerability and/or attack. In this type of attack, a backend validation script helps an attacker determine whether a username is correct or not. This vulnerability opens the door to an attacker, allowing them to test different usernames in order to locate valid ones. Attackers often use default usernames and passwords such as admin/admin, etc. Some mitigation strategies that can help minimize these types of attacks would include limiting the number of failed attempts that can be made, as well as ensuring that default usernames and passwords are changed and never used in production systems. (Cobb, 2011)

    Misconfiguration of security is my second common vulnerability and/or attack in web applications. If a network infrastructure supports any type of web applications running on things like databases, firewalls, and servers, it is absolutely necessary that those components be configured and maintained securely. Some mitigation strategies may include configuring them with a minimum number of privileges defined and ensuring that users are adequately trained. It can also be beneficial to perform penetration testing to determine whether web applications are securely configured and able to resist attackers. The more laws the federal government creates to try to regulate the Internet, the more exposed it will be to attacks. (O'Keefe, 2012)

    Works Cited

    Cobb, M. (2011). Five Common Web Application Vulnerabilities and How to Avoid Them. Retrieved January 17, 2014 from http://searchsecurity.techtarget.com/tip/Five-common- Web Application Vulnerabilities and How to Avoid Them

    Kennedy, S. (2005). Common Web Application Vulnerabilities. Retrieved January 17, 2014 from http://www.isaca.org/Journal/Past-Issues/2005/Volume-4/Pages/Common-Web-Application-Vulnerabilities1.aspx

    O'Keefe, E. (2012). How was the Department of Justice website attacked? Accessed January 17, 2014, http://www.washingtonpost.com/blogs/federal-eye/post/how-was-the-justice%20department-web-site%20attacked/2012/01/19/gIQA6EGHDQ_blog.html?wpisrc=nl_fedinsider