I'v heard the keywords "XSS(Cross-Site Scripting)", "SQL injection", and "Session Hijack".
But, I didn't know the details about that keywords.

I learned how to attack a PHP-based web application from
the web sites:

• PHP Security Guide.
• On the security of PHP-based Web Applications

I'm surprised...
Believe it or not, web applications can be easily cracked if you don't take place security protections.
Don't expose your web application's vulnerabilities.

Did you know that CSS(Cascading Style Sheets) can also be used to do XSS ?

<style type="text/css">
  @import url(javascript:alert());
</style>

After all, there are many methods to attack web applications.
Web application developers and also I have to learn about the topic seriously.

Check it:

• Of course, Hatena::Diary handles XSS.
• mod_security will protect your web application from attacks.