In the first post of this series, we looked at some fundamental concepts of Web Application Security, and introduced the concept of Filter In, Escape Out. In today’s post, we will be examining the single most prolific vulnerability plaguing web applications today: Cross-Site Scripting (otherwise known as XSS). Not only is it prolific, it’s also commonly under-estimated and is often just a low priority after-thought. In reality, XSS is a formidable threat and needs to be treated as such.

This is the first post in a multiple part series on Web Application Security. Throughout this series, we will take a look at some of the different aspects of security as it relates to web applications and some techniques on how to mitigate them. Before we can dive into the finer details of Security, we must define what it is and what it is not. After that, we’ll talk about some foundational pieces that will drive and support the rest of the series.