SQL Injection is a vulnerability that influences the Structured Query Language (SQL) [1] queries that an application passes to a back-end database. By exploiting what is given to the database, the attacker can leverage the syntax and capabilities of SQL itself and the power and flexibility of supporting database functionality and operating system functionality available to the database. Cross-Site Scripting (XSS) is a Code Injection attack executed on the client-side of an internet Application. The foremost common method of stealing cookies or hijacking sessions is to introduce JavaScript with a browser-supported html cryptography technique. [2] Cross-site scripting vulnerabilities ordinarily enable AN aggressor to masquerade as a victim user, to hold out any actions that the user is ready to perform, and to access any of the user’s knowledge. If the victim user has privileged access at intervals the applying, then the aggressor could be able to gain the full management over all the application’s practicality and knowledge. [3] The CWE/SANS Top 25 software errors place SQL injection and Cross-Site Scripting at the very top. Additionally, the Open Web Application Security Project (OWASP) lists Injection Flaws (SQL injection) as the most severe security vulnerability affecting Web applications in its Top 10 list. This highlights how common and very relevant in the domain of Web security. As developers, we should be aware of the consequences and prevention measures of these attacks. This report mentions a brief survey on the real-world attacks of SQL Injection and cross-site Scripting. Additionally, the paper highlights some defenses one can use to mitigate these attacks. Index Terms—SQL Injection, Cross-Site Scripting, Defenses