They're watching you - you know that? They've been scoping out your site for quite some time, looking at ways to screw with you and your site. All right, you think your code is secure, eh? Got the latest handy-dandy encryption on your stuff, all up to snuff on your patches and service packs. But you know what? You're making a critical blunder on your site, and you might not even know it. If you're taking information passed in on a Querystring and then you Response.Write it out on the page, uh-oh brother, you've got problems... You're ripe for the picking with Cross Site Scripting. Unless you already know where I'm going with this, read on.
[read article...]