This document explores key aspects of web application security, focusing on port scanning, OSINT techniques, and cross-site scripting (XSS) attacks. It covers the functionality of Nmap, a powerful security scanner, and demonstrates its use for host discovery, port scanning, OS detection, and version detection. It also examines Open Source Intelligence (OSINT) and its role in gathering information from publicly available sources. It then provides a comprehensive analysis of persistent and non-persistent XSS attacks, outlining their mechanisms, prevention strategies, and mitigation techniques. Next, it discusses sensitive data exposure, highlighting its potential risks and the measures that protect sensitive information. Finally, it explores the OWASP Top 10-2017 attacks, providing insights into real-world vulnerabilities and their exploitation.