The main part of global international network Internet is working and presentation information through protocol HTTP.This protocol is developed for transporting text data in the network.For presentation information which is transported by using this protocol some number of markup languages are used. The most prominient of them is HTML ,but all this languages are based on
one fundemental language SGML. SGML is fundemantal markup language for presentation data, but all its abilties and its power doesn't need at the moment.The document or the source of HTML isn't compiled, it will be interpreted by client-application called browser which made a request
to the server.The standart of presentation data based on HTML markup language is hold by W3C organization.At the moment there are four dominate browsers in the world IE from Microsoft,FireFox from mozilla,Opera and Safari from apple. We must say that all this browsers can present the same html document into different view.Also a specific programming language javascript has been developed for more interactive client's work with html-document .The source of this language is ussually integrated into html-document.The way of processing this language by browsers is also different.Since the begining of 2007 year over then one hundred vulnuberities have been discovered in this browsers.It is significant that most of them are conserned with incorrect working with normal according to standart of W3C html or javascript code.It is mean that in most cases the vulnuberities are the mistakes of browser's developers. For example some malefactor is able to execute any programming code on the client's workstation by using the overflow of buffer. The most worth thing is that ability to do such or similar to it can be appeared in future. As you know the database of existed vulneberities permanently is growing up. in this situation secure application is not able to protect you workstation from new kind of atack. To avoid this situation we can use some evristic methods for indetification of atack on your machine.The main idea is in the using variety of some flags of atack.In order to setting this flags over then fifty existed vulneberities have been analysed.While analysing some variety of such flags has been found.it is significant that vlunuberity can consist of some actions that are done in specific order. For indentification such atacks secure system must be able to work with some variety of flags and find varios probable connections of this flags in order to do a right conclusion of atack event's existion.