If your website has only static html pages with no script codes just html and data, you are mostly safer that way then some one else who have forms and scripts, but advanced website developing theses days needs scripts and forms. Dealing with a lot of information and data will make your website’s webmaster work harder for every update if you don’t use a dynamic way instead of a static, or when you deal with products that you starting to sale, search forms to make it easier for your client to find what they need, registration for members to keep your visitors around for new release or products. Will push you to use forms and scripts, but be careful because by adding scripts and forms can create vulnerabilies, even security features that you add can be a risk to your website, common mistakes that webmasters or web designers does, is including a form to require the members authentication,  sending the username and password as clear text is a vulnerability because an attacker could intercept the clear text .

Another example is when you include a form where your visitors type some kind of information, that you display in the next page to make your client sure of the text he/she entered is correct, attackers my use that form to send scripts and code and ones the next page comes it execute the script that the attacker sent in the previews page.

One more common mistake, when you try to create an automated system for password recovery, ones you ask your client who lost his/her password for the go , if you can not afford it , try to search for more articles and tips in the internet that may help you to prevent some of the common mistakes email address to send the password , attackers my include the user’s email follow by coma and then the attacker’s email and here the password is sent to both of them…

Security is very hard thing to deal with when it comes to developing a website, if you can afford to hire a very smart developer who is smart in security that is the best way to