This chapter discusses in detail some of the most devastating attacks against Web applications and common tools in the attacker's arsenal. There are many ways of categorizing and classifying attacks: by the complexity of mounting them, the effect they have on the target system, the type of vulnerability they exploit, the assets they expose, the difficulty of detecting and fixing them, and so on. There are different methodologies for Vulnerability Assessment and Threat Analysis (VATA) and many sources to consult for assessing the risk of each attack. Among other sources, in this chapter we pay special attention to the methodology of the Open Web Application Security Project (OWASP), because OWASP is one of the most active security communities on the Web. Other good resources for following attack and vulnerability trends are Common Vulnerabilities and Exposures (CVE), the National Vulnerability Database (NVD), United States CERT Bulletins (US-CERT), and SANS.