Attacking web applications is the easiest way to compromise hosts, networks and users. Generally nobody notices web application penetration until serious damage has been done. Web application vulnerabilities can be eliminated to a great extent by ensuring proper design specifications and coding practices, as well as by implementing common security procedures. Various tools help the attacker to view the source code and scan for security holes. The first rule in web application development from a security standpoint is not to rely on client-side data for critical processes. Using an encrypted session such as SSL or "secure" cookies is advocated instead of using hidden fields, which are easily manipulated by attackers. A cross-site scripting (XSS) vulnerability is caused by the failure of a web-based application to validate user-supplied input before returning it to the client system. If the application accepts only expected input, then XSS can be significantly reduced.
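The two rules above, sketched as a server-side form handler. This is an added example, not code from the original post; the catalog, field names and patterns are constructed for illustration. The price is always taken from server-side data, never from a hidden field, and every input must match an expected pattern before anything is returned to the client.

```python
import html
import re

# Constructed server-side catalog: the authoritative source for prices (in cents).
CATALOG = {"sku-100": 1999, "sku-200": 4950}

# Allowlist patterns: accept only the input shapes the application expects.
SKU_RE = re.compile(r"sku-[0-9]{3}")
QTY_RE = re.compile(r"[1-9][0-9]?")                  # 1..99
NAME_RE = re.compile(r"[A-Za-z][A-Za-z '\-]{0,39}")


def process_order(form):
    """Validate a submitted form (dict of str); return (ok, html_fragment)."""
    sku = form.get("sku", "")
    qty = form.get("quantity", "")
    name = form.get("name", "")
    errors = []
    if not SKU_RE.fullmatch(sku) or sku not in CATALOG:
        errors.append("unknown item")
    if not QTY_RE.fullmatch(qty):
        errors.append("quantity must be 1-99")
    if not NAME_RE.fullmatch(name):
        errors.append("name contains unexpected characters")
    if errors:
        # Never echo the rejected value back; report only which rule failed.
        return False, "<p>Rejected: " + html.escape("; ".join(errors)) + "</p>"
    # A hidden "price" field, if submitted, is ignored: the server looks it up.
    total = CATALOG[sku] * int(qty)
    # Encode on output as well, since the name pattern allows an apostrophe.
    return True, "<p>Thanks, {}. Total: {}.{:02d}</p>".format(
        html.escape(name, quote=True), total // 100, total % 100)


# Constructed requests: a tampered hidden price, and markup in a text field.
TAMPERED = {"sku": "sku-100", "quantity": "2", "name": "Ann O'Neil", "price": "1"}
SCRIPTED = {"sku": "sku-100", "quantity": "1", "name": "<script>alert(1)</script>"}

if __name__ == "__main__":
    print(process_order(TAMPERED))
    print(process_order(SCRIPTED))
```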
 