This document provides a review of anomaly-based intrusion detection techniques for multi-tier web applications. It discusses both traditional signature-based methods and newer data mining-based anomaly detection approaches. Several key anomaly detection techniques are summarized, including rule-based systems, multimodal approaches, state transition analysis, profiling of internal application states, and combined approaches that analyze both web requests and database queries. The review finds that anomaly detection is better suited than misuse detection for detecting unknown attacks against complex multi-tier web applications.