Any website or Web Application is exposed to attacks, either directly or indirectly via compromised clients. However main targets are Webmail applications, ERP frontends and collaborative infrastructure portals, as they provide direct access to enterprise critical data. In the meantime any Web Application which deals with sensitive data, such as ebanking, ebusiness applications handling credit cards etc. is an ideal target.