Web applications on uncompromised computers are vulnerable to XSS, CSRF, SQL injection attacks and cookie stealing in unsecure Wi-Fi environments.
To prevent those security
**About what you didn't mention:**
You missed a dangerous attack in MVC frameworks: the Over-Posting Attack.
You also missed the most annoying threat: Denial of Service.
You also should pay enough attention to file uploads (if any...) and many more...
**About what you mentioned:**
XSS is really, really, really vaster and more annoying to mitigate. There are several types of encoding, including HTML Encoding, JavaScript Encoding, CSS Encoding, HTML Attribute Encoding, URL Encoding, ...
Each of them should be applied to the proper content, in the proper place - i.e. just HTML-encoding the content is not enough in all situations.
And the most annoying thing about XSS is that there are some situations in which you should perform Combinational Encoding (i.e. first JavaScript-encode and then HTML-encode...!!!)
Take a look at the following link to become more familiar with a nightmare called XSS...!!!
XSS Filter Evasion Cheat Sheet - OWASP