The Boston Application Security Conference (BASC) was this past weekend, and Patrick Laverty from Akamai InfoSec's CSIRT team gave a talk called "How Hackers View Your Web Site."
Patrick recorded the talk and posted it on his YouTube channel. Like everything he does, it's quite good. So I'm sharing it here.
Laverty described his talk this way:
"As defenders, we have to be right 100% of the time where an attacker only needs to be right once. The attack surface of a modern web site is incredibly large and we need to be aware of all of it. Additionally, individual attacks may not always be effective but sometimes using them together can gain the desired effect. In this talk, we'll take a look at the whole attack surface for a typical web site and the various ways that an attacker will use to compromise a site."