Why Web Application Security?

Presence on the Internet involves dealing with an ever-shifting landscape.

Basically, an attacker inputs a malicious script into a web site. This can be in a forum, comment section, or any other input area. When victims visit that web site, they only need to click on that script to start the exploit.
A few facts about cross-site scripting attacks that you should be aware of are:

• Every month roughly 10-25 XSS holes are found in commercial products and advisories are published explaining the threat.
• Websites that use SSL (https) are in no way more protected than websites that are not encrypted. The web applications work the same way as before, except the attack is taking place in an encrypted connection.
• XSS attacks are generally invisible to the victim.
• All Web servers, application servers, and Web application environments are susceptible to cross-site scripting.