Writing Secure Code, Second Edition by Michael Howard and David C. LeBlanc (Microsoft Press, 2002), Chapter 13, Web-Specific Input Issues
Mitigating Cross-site Scripting With HTTP-only Cookies: http://msdn.microsoft.com/library/default.asp?url=/workshop/author/dhtml/httponly_cookies.asp
Request Validation - Preventing Script Attacks: www.asp.net/faq/requestvalidation.aspx
mod_perl Apache::TaintRequest: www.modperlcookbook.org/code.html
UrlScan Security Tool: www.microsoft.com/technet/security/tools/urlscan.mspx
Divide and Conquer - HTTP Response Splitting, Web Cache Poisoning Attacks, and Related Topics: www.securityfocus.com/archive/1/356293
Prevent a cross-site scripting attack by Anand K. Sharma: www-106.ibm.com/developerworks/library/wa-secxss/?ca=dgr-lnxw93PreventXSS
Preventing Cross-site Scripting Attacks by Paul Lindner: www.perl.com/pub/a/2002/02/20/css.html
CERT Advisory CA-2000-02 Malicious HTML Tags Embedded in Client Web Requests: www.cert.org/advisories/CA-2000-02.html
The Open Web Application Security Project (OWASP): www.owasp.org
HTML Code Injection and Cross-site Scripting by Gunter Ollmann: www.technicalinfo.net/papers/CSS.html
Building Secure ASP.NET Pages and Controls: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/THCMCh10.asp
Understanding Malicious Content Mitigation for Web Developers: www.cert.org/tech_tips/malicious_code_mitigation.html
How to Prevent Cross-Site Scripting Security Issues in CGI or ISAPI: http://support.microsoft.com/default.aspx?scid=kb%3BEN-US%3BQ253165
Hacme Bank: www.foundstone.com/resources/proddesc/hacmebank.htm
WebGoat: www.owasp.org/software/webgoat.html