Cross-Site Scripting (XSS) is currently number 3 on the OWASP Top 10 Application Security Risks. In this talk we will look at XSS in 3 parts: (1) What is it? (2) How do we detect it? (3) How do we prevent it? By the end of the talk you should understand the basics of XSS, some of the tools used to detect it, and methods you can use to prevent it.