Overview

Web pages and controls are in your application's front line of defense and can be subject to intense probing by attackers who are intent on compromising your application's security. These attacks are often ultimately aimed at back-end systems and data stores.

Input data validation should be a top consideration when you build Web pages because the majority of top application-level attacks rely on vulnerabilities in this area. One of the most prevalent attacks today is cross-site scripting (XSS), which is more of an attack on your application's users than on the application itself, but it exploits server-side application vulnerabilities all the same. The results can be devastating and can lead to information disclosure, identity spoofing, and elevation of privilege.