Security considerations for the developer
From the first day of a project, you should be thinking about security. Every piece of code has consequences for security, so every piece of code should be reviewed carefully for security vulnerabilities. In practice, we very often treat security as an "afterthought": only after making security mistakes do we start to think about it.
Browser attacks
The different browser attack methods are discussed in this section.
Cross-site scripting (XSS)
Cross-site scripting (also referred to as XSS) is a security breach that takes advantage of dynamically generated Web pages.
Cross-site scripting is the "injection" of JavaScript. The injected script may be in the database, in the URL, or in an uploaded file. XSS is often not that dangerous on its own, but when combined with bugs in a browser, a virus, or a worm, it can be serious. In most cases, the Application Express developer of the application is unaware of the issue, and it goes undetected for a long time.
An attacker injects JavaScript...
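The following is an added example, not code from the original text. It renders the same page fragment with and without output encoding for the three injection sources named above (database, URL, uploaded file). The sample values and the function names escapeHtml, renderUnsafe, renderSafe, countTags and compare are constructed for illustration.

```javascript
// Constructed sample values standing in for the three sources named in the text.
const samples = {
  database: '<script>alert("stored")</script>', // value read back from a table row
  url: '"><img src=x onerror=alert(1)>',        // value taken from a query parameter
  upload: 'report<svg onload=alert(1)>.txt',    // name of an uploaded file
};

// Encode the five characters that let text break out of HTML text
// content or out of a quoted attribute value.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable: the untrusted value is concatenated straight into the page,
// once inside an attribute and once as element content.
function renderUnsafe(source, value) {
  return `<p title="${value}">${source}: ${value}</p>`;
}

// Hardened: every untrusted value is encoded at the point of output.
function renderSafe(source, value) {
  const v = escapeHtml(value);
  return `<p title="${v}">${escapeHtml(source)}: ${v}</p>`;
}

// Demo check only (not a sanitizer): count tag-like sequences in the output.
// The template itself contributes exactly two, <p ...> and </p>.
function countTags(html) {
  return (html.match(/<\/?[a-zA-Z][^>]*>/g) || []).length;
}

// Compare both renderings for each source.
function compare() {
  return Object.entries(samples).map(([source, value]) => ({
    source,
    unsafeTags: countTags(renderUnsafe(source, value)),
    safeTags: countTags(renderSafe(source, value)),
  }));
}

for (const row of compare()) {
  console.log(`${row.source}: unsafe=${row.unsafeTags} tags, safe=${row.safeTags} tags`);
}
```

Any tag count above two in the unsafe column means the input added markup of its own to the page; the encoded rendering keeps the count at two for every source.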