Update 09.3.md
typographical errors and improved readability
@@ -2,7 +2,7 @@
|
||||
|
||||
With the development of Internet technology, web applications are often packed with dynamic content to improve user experience. Dynamic content is content that reacts and changes according to user requests and actions. Dynamic sites are often susceptible to cross-site scripting attacks (often referred to by security experts in its abbreviated form, XSS), something which static websites are completely unaffected by.
|
||||
|
||||
## What is XSS
|
||||
## What is XSS?
|
||||
|
||||
As mentioned, the term XSS is an acronym for Cross-Site Scripting, which is a type of attack common on the web. In order not to confuse it with another common web acronym, CSS (Cascading Style Sheets), we use an `X` instead of a `C` for the cross in cross-site scripting. XSS is a common web security vulnerability which allows attackers to inject malicious code into webpages. Unlike most types of attacks which generally involve only an attacker and a victim, XSS involves three parties: an attacker, a client and a web application. The goal of an XSS attack is to steal cookies stored on clients by web applications for the purpose of reading sensitive client information. Once an attacker gets ahold of this information, they can impersonate users and interact with websites without their knowledge or approval.
|
||||
|
||||
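Review bot: In the unchanged paragraph under the renamed heading, "The goal of an XSS attack is to steal cookies" reads as if cookie theft were the only goal, while the same paragraph already says XSS lets attackers inject malicious code into webpages. Since this commit is a readability pass, consider "A common goal of an XSS attack is to steal cookies" there. In the first context line, "cross-site scripting attacks (... in its abbreviated form, XSS)" also mixes a plural noun with "its", and "gets ahold of" could become "gets hold of".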
@@ -53,7 +53,7 @@ This allows client browsers to parse the response as javascript code (applying t
|
||||
|
||||
## Summary
|
||||
|
||||
Introducing XSS vulnerabilities is a very real hazard when developping web applications. It is important to remember to filter all data, especially before outputting it to clients; this is now a well-established means of preventing XSS.
|
||||
Introducing XSS vulnerabilities is a very real hazard when developing web applications. It is important to remember to filter all data, especially before outputting it to clients; this is now a well-established means of preventing XSS.
|
||||
|
||||
## Links
|
||||
|
||||
|
||||
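Review bot: The corrected Summary sentence still tells readers to "filter all data, especially before outputting it to clients", which is vague about what to do at output time. The spelling fix itself is fine, but consider naming the control, for example "escape or encode all data for its output context", so the summary is specific. The hunk header context also shows "parse the response as javascript code" earlier in the file, and "JavaScript" would be worth capitalizing in the same typo pass.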