== Most Common Locations

* Search fields that echo a search string back to the user

* Input fields that echo user data

* Error messages that return user-supplied text

* Hidden fields that contain user-supplied data

* Any page that displays user-supplied data
** Message boards
** Free-form comments

* HTTP Headers
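
The following is an added example, not code from the original page: it encodes user-supplied data at four of the locations listed above and includes a small check that flags a fragment echoing the value unencoded. The function names, the sample value, and the reading of "HTTP Headers" as a request header value shown on a page are assumptions made for illustration.

```python
import html

# Constructed sample input containing HTML metacharacters.
SAMPLE = '"><b>bold</b>'

def encode(value):
    """Encode user-supplied data for HTML text or a double-quoted attribute."""
    return html.escape(str(value), quote=True)

def search_echo(query):
    """Search field that echoes the search string back to the user."""
    return "<p>Results for: {}</p>".format(encode(query))

def error_message(bad_value):
    """Error message that returns user-supplied text."""
    return '<p class="error">Unknown item: {}</p>'.format(encode(bad_value))

def hidden_field(name, value):
    """Hidden field holding user-supplied data; the attribute is always quoted."""
    return '<input type="hidden" name="{}" value="{}">'.format(
        encode(name), encode(value))

def header_echo(headers, name="User-Agent"):
    """Request header value displayed on a page (assumed diagnostics view)."""
    return "<td>{}</td>".format(encode(headers.get(name, "")))

def render_all(value):
    """Render the same value at each location so all can be checked together."""
    return [search_echo(value), error_message(value),
            hidden_field("q", value), header_echo({"User-Agent": value})]

def echoes_raw(fragment, value):
    """True when value has HTML metacharacters and appears unencoded in fragment."""
    return any(c in value for c in "<>\"'&") and value in fragment

def unencoded_search_echo(query):
    """The same search echo without encoding, kept only for contrast."""
    return "<p>Results for: " + query + "</p>"

if __name__ == "__main__":
    for fragment in render_all(SAMPLE):
        print(echoes_raw(fragment, SAMPLE), fragment)
    print(echoes_raw(unencoded_search_echo(SAMPLE), SAMPLE))
```

Running `echoes_raw` over rendered output in a unit test catches a template that starts echoing a field without encoding.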