Malicious people spread malware by exploiting XSS vulnerabilities on high-profile websites. More specifically, they inject an IFRAME that loads malicious content from different IP sources around the globe. As a result, the excellent SEO applied to most high-PageRank websites draws in many web users, who unwittingly click the indexed trap links in SERPs after searching for a popular keyword and are consequently infected with malware, adware and spyware.
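The following is an added example, not code from the original page: a hypothetical Python search-results renderer showing how an unencoded keyword becomes a live IFRAME, how HTML-encoding the keyword neutralises it, and a small check a reviewer can run on rendered output. The template, function names and sample keyword are assumptions constructed for illustration.

```python
import html
from html.parser import HTMLParser

# Hypothetical search-results template; {q} is the keyword the visitor typed.
TEMPLATE = "<h1>Results for {q}</h1><ul><li>No matches</li></ul>"

# Constructed sample input: a keyword carrying an IFRAME, as described above.
SAMPLE_KEYWORD = 'cheap flights<iframe src="http://malware.example/"></iframe>'


def render_vulnerable(keyword):
    # The keyword is pasted into the page as markup, so any tag in it is live.
    return TEMPLATE.format(q=keyword)


def render_hardened(keyword):
    # The keyword is HTML-encoded, so the browser displays it as plain text.
    return TEMPLATE.format(q=html.escape(keyword, quote=True))


class FrameFinder(HTMLParser):
    """Collects the source of every frame-like element a browser would load."""

    FRAME_TAGS = {"iframe", "frame", "embed", "object"}

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag in self.FRAME_TAGS:
            attr = dict(attrs)
            self.sources.append(attr.get("src") or attr.get("data") or "")


def live_frames(page):
    # Review check: the template has no frames, so any hit came from user input.
    finder = FrameFinder()
    finder.feed(page)
    finder.close()
    return finder.sources


if __name__ == "__main__":
    print("vulnerable:", live_frames(render_vulnerable(SAMPLE_KEYWORD)))
    print("hardened:  ", live_frames(render_hardened(SAMPLE_KEYWORD)))
```

Because the template itself contains no frames, any source returned by `live_frames` points to an output path that writes user input without encoding, which is the kind of spot a manual review should trace back to the code.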
It is better to review code manually than to use automated review software. This is a time-consuming yet rewarding process that should be done carefully, with attention to every detail. A major advantage is that you retain your visitors' trust, and may even attract more visitors, by showing that you protect their privacy and security. You show this by staying out of the negative media spotlight over vulnerabilities in your website. You also don't want to knowingly harbor vulnerabilities, because your business and reputation would be at great risk. Placing a "Hacker Safe" badge won't do any good either.