Three of the top five most common website attacks, SQL injection, cross-site scripting (XSS), and remote file inclusion (RFI), share a root cause: input sanitization. Or, to be more accurate, a lack thereof. All three exploits rely on data sent to the Web server by the end user. When the end user is a good guy, the data he sends the server is relevant to his interaction with the website. But when the end user is a hacker, she can exploit this mechanism to send the Web server input that is deliberately constructed to escape the legitimate context and execute unauthorized actions.
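The shared root cause, shown as an added example that is not from the original article: the same kind of user input reaches a SQL query, an HTML page, and an include path, first pasted in as-is and then handled for its context. The table, page names, and sample inputs are constructed for illustration.

```python
import html
import sqlite3

# Constructed allowlist of includable pages (hypothetical names).
ALLOWED_PAGES = {"home": "home.tpl", "about": "about.tpl"}


def make_db():
    """Build an in-memory database with two constructed sample users."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "a-secret"), ("bob", "b-secret")])
    return db


def lookup_unsafe(db, name):
    # SQL context: input is pasted into the statement text, so a quote
    # character in it ends the string literal and the rest is parsed as SQL.
    return db.execute(f"SELECT name FROM users WHERE name = '{name}'").fetchall()


def lookup_safe(db, name):
    # Bound parameter: the driver passes the input as a value, never as SQL.
    return db.execute("SELECT name FROM users WHERE name = ?", (name,)).fetchall()


def greet_unsafe(name):
    # HTML context: markup in the input becomes markup in the page.
    return f"<p>Hello {name}</p>"


def greet_safe(name):
    # Output encoding: <, >, & and quotes are rendered as text.
    return f"<p>Hello {html.escape(name)}</p>"


def resolve_page_unsafe(page):
    # Include context: the input itself decides what gets loaded,
    # which may be a path or URL the application never intended.
    return page


def resolve_page_safe(page):
    # Allowlist: input only selects among known templates; anything
    # else falls back to the default page.
    return ALLOWED_PAGES.get(page, ALLOWED_PAGES["home"])
```

Each context needs its own control: parameter binding for SQL, output encoding for HTML, and an allowlist for includes.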