It’s important to implement security measures early in the application’s development life cycle. For example, carry out software design phase security activities with architecture risk analysis and threat modeling. It is equally important to conduct security testing once application development is complete.
Strategies to prevent XSS attacks include:
Protect your organization by following secure development guidelines—building security in at all phases of the application’s development. Output encoding is also key to preventing XSS vulnerabilities. Make use of output encoding libraries that are relevant to the programming languages and frameworks your organization utilizes. Developers must also stay up-to-date with the XSS prevention best practices.
The Agile Security Manifesto