For the first part, you are implementing the offensive concept, you are required to do the following steps

$1.$ Design a XSS Vulnerable web page.

$2.$ Inject a script in the vulnerable web page.

$3.$ Open the infected page in a virtual machine to verify that injected script is working or not.

For the second part, you are going to implement the defensive concept, you are required to do the

following steps

$1.$ Secure $($two techniques$)$ the vulnerable web page designed in Part A$.$

$2.$ Try to inject the same script in the secure web page and there should be error injecting it$.$