A typical web service today is not just a single network machine with a couple of scripts, it’s rather a whole infrastructure with a bunch of backends and internal communication protocols.
Lots of web attacks are related to the multi-layered architecture and they exploit inconsistent data processing between the layers.
We’ll overview approaches to the multi-layered application security assessment, typical attacks and exploitation techniques. Keywords: backend fingerprinting, path normalization, backslash powered scanner, HPP, reverse proxy, SSRF, ...