Because the web is becoming more and more “executable” and because nearly every target has a web presence, this chapter examined web-based exploitation. The chapter began by reviewing techniques and tools for interrogating web servers. The use of Nikto was covered by locating specific vulnerabilities in a web server. Exploring the target website by discovering directories and files was demonstrated through the use of a spider. A method for intercepting website requests by using WebScarab was also covered. Code injection attacks, which constitute a serious threat to web security. Code injection attacks, which constitute a series threat to web security, were explored. Specifically, we examined the basics of SQL injection attacks. The chapter concluded with a brief discussing and example of cross-site scripting (XSS).