Attackers break into the web application by thinking like a programmer: identifying how the application is intended to work and determining shortcuts used to build the application. The hacker then attempts to interact with the application and its surrounding infrastructure in malicious ways simply by using the web browser or any of a large number of automatic hacker tools, such as CGI scanners and HTTP proxys. Understanding the techniques hackers use to manipulate Web applications and steal credit card data, falsify financial transactions or access proprietary information, is the first step in learning how to secure the Web application