When most developers think of cross-site scripting (XSS) bugs, they think of bugs in web sites that lead to attacks on client browsers, but over the last few years there has been an increase in server XSS bugs, and an alarming increase in client-side XSS issues. The latter attack form is relatively new and is the subject of the next chapter.
Since we wrote the original 19 Deadly Sins of Software Security, research by MITRE Corporation shows that XSS bugs have overtaken the humble but common buffer overrun as the bug du jour.
We think the reason for the increase in XSS issues is many-faceted.
First, there has been an explosion in the quantity of ...