The present disclosure relates generally to security testing of web applications. More specifically, the techniques described herein include classifications of defense measures implemented in web applications.