In this presentation we will learn what cross-site scripting is, how an actual attack takes place and how to test if our Web sites are vulnerable to a cross-site scripting attach. Then we will discuss how to mitigate the risks of being vulnerable to a cross-site scripting attack.