All web developers worth anything know this, but very often even the most experienced developer makes assumptions or simple mistakes that leave a dirty little hole which is ripe for pillaging.

I recently found a hole in an application which was caused by lazy / inadequate / ill-conceived input cleansing. The developers have been notified and will surely correct the problem shortly. I will release more detail regarding this when the issue has been resolved and a fix is in place. Of course, if you are a trusted dot-comrade I can fill you in before hand as requested. For everyone else, check out:

• The Anti-Samy Project
• The ha.ckers.org XSS (Cross Site Scripting) Cheat Sheet – Esp: for filter evasion
• Join the paranoid with NoScript