Cross-Site Scripting Attacker inserts malicious code into an application, when regular users request the webpage it returns the malicious page and the attacker gains control over user data via code he injects.
Safely validating untrusted HTML input
Cookie security
Disabling scripts
A dictionary attack is a brute-force technique where attackers run through common words and phrases, such as those from a dictionary, to guess passwords. It is also known as dictionary password attack.
Most people use real words as passwords.
Trying all dictionary words and makes the attack much faster.
Hackers and spammers attempt to log in to a computer system by trying all possible passwords until the correct one is found.
Countermeasures
Lockout a user after X no of failed login attempts
Not using Dictionary words as passwords
