□ «Writing Secure Code, Second Edition» by Michael Howard and David C. LeBlanc (Microsoft Press, 2002), Chapter 13 «Web–specific Input Issues»
□ Mitigating Cross–site Scripting With HTTP–only Cookies: http://msdn. microsoft.com/library/default.asp?url=/workshop/author/dhtml/httponly_ cookies.asp
□ Request Validation – Preventing Script Attacks: www.asp.net/faq/ requestvalidation.aspx
□ mod_perl Apache::TaintRequest: www.modperlcookbook.org/code.html
□ «UrlScan Security Tool»: www.microsoft.com/technet/security/tools/ urlscan.mspx
□ «Divide and Conquer – HTTP Response Splitting, Web Cache Poisoning Attacks, and Related Topics»: www.securityfocus.com/archive/1/356293
□ «Prevent a cross–site scripting attack» ny Anand K. Sharma: www–106. ibm.com/developerworks/library/wa–secxss/?ca=dgr–lnxw93PreventXSS
□ «Prevent Cross–site Scripting Attacks» by Paul binder: www.perl.eom/pub/a/ 2002/02/20/css.html
□ «CERT Advisory CA–2000–02 Malicious HTML Tags Embedded in Client Web Requests»: www.cert.org/advisories/CA–2000–0.html
□ The Open Web Application Security Project (OWASP): www.owasp.org
□ «HTML Code Injection and Cross–site Scripting» by Gunter Oilman: www.technicalinfo.net/papers/CSS.html
□ Building Secure ASP.NET Pages and Controls: http://msdn/microsoft.com/ library/default.asp?url=/library/en–us/dnnetsec/html/THCMChl0.asp
□ Understanding Malicious Content Mitigation for Web Developers: wwweert. org/ tech_tips/malicious_code_mitigation. html
□ How to Prevent Cross–Site Scripting Security Issues in CGI or ISAPI: support. microsoft.com/default.aspx?scid=kb%3BEN–US%3BQ253165
□ Hacme Bank: www.foundstone.com/resources/proddesc/hacmebank.htm
□ WebGoat: www.owasp.org/software/webgoat.html