How to identify malicious HTTP Requests

Being a system administrator or a penetration tester, it is important to know how malicious requests are being conducted and how this kind of traffic can be identified. When the web application is being exploited or already defaced by a hacker, it is important to find the malicious requests from server logs and identify what kind of attack was used to identify the vulnerabilities in the web application.There are guides on different subjects when it comes to penetration testing and securing the application. Problem is that usually these guides concentrate only a specific attack vector. This paper will provide in-depth analysis on different attack vectors against web applications and demonstrate how these attacks can be found and identified from logs and on each other.