Notes

  1. The Samy Worm “I’ll never get caught. I’m Popular.” – http://namb.la/popular/

  2. Cross-site Scripting (Web Security Threat Classification) – http://www.webappsec.org/projects/threat/classes/cross-site_scripting.shtml

  3. Teen uses worm to boost ratings on MySpace.com, Computerworld, October 17, 2005 – http://www.computerworld.com/securitytopics/security/holes/story/0,10801,105484,00.html

  4. Do Online Banks Facilitate Fraud?, TheMotleyFool.com, December 8, 2004 – http://www.fool.com/News/mft/2004/mft04120810.htm

  5. Phishing with Superbait, Silicon Valley Chapter (San Jose), April, 2005 – http://www.whitehatsec.com/presentations/phishing_superbait.pdf

  6. Content Restrictions – http://www.gerv.net/security/content-restrictions/

  7. A phishing wolf in sheep’s clothing, ZDNet, March 14, 2005 – http://news.zdnet.com/2100-1009_22-5616419.html

  8. The Cross Site Scripting FAQ – http://www.cgisecurity.com/articles/xss-faq.shtml

  9. XSS cheat sheet – http://ha.ckers.org/xss.html

  10. Ajax: A New Approach to Web Applications, Jesse James Garrett, February 18, 2005 – http://www.adaptivepath.com/publications/essays/archives/000385.php

  11. XMLHttpRequest, XUL Planet – http://www.xulplanet.com/references/objref/XMLHttpRequest.html

  12. Cross-Site Scripting Worm Hits MySpace, BetaNews, October 13, 2005 – http://www.betanews.com/article/CrossSite_Scripting_Worm_Hits_MySpace/1129232391

  13. Samy’s cancelled MySpace profile – http://www.myspace.com/33934660

  14. Technical explanation of the MySpace worm – http://namb.la/popular/tech.html

  15. CAIDA Analysis of Code-Red – http://www.caida.org/analysis/security/code-red/

  16. Code-Red: a case study on the spread and victims of an Internet worm – http://www.caida.org/outreach/papers/2002/codered/codered.pdf

  17. SQL slammer (computer worm) – http://en.wikipedia.org/wiki/SQLSlammer

  18. The Spread of the Sapphire/Slammer Worm – http://www.cs.berkeley.edu/~nweaver/sapphire/

  19. Slammed!, Wired, July 2003 – http://www.wired.com/wired/archive/11.07/slammer.html

  20. Viruses and Worms: What Can We Do About Them?, Testimony of Richard D. Pethia, September 10, 2003 – http://www.cert.org/congressional_testimony/Pethia-Testimony-9-10-2003/

  21. Yahoo Attack Exposes Web Weakness, BBC News, February 9, 2000 – http://news.bbc.co.uk/1/hi/sci/tech/635444.stm

  22. Post to BugTraq by Elias Levy, February 11, 200 – http://www.sdnp.undp.org/rc/forums/tech/sdnptech/msg02563.html

  23. Xanga Hit By Script Worm – http://blogs.securiteam.com/index.php/archives/166

  24. Account Hijackings Force LiveJournal Changes – http://blogs.washingtonpost.com/securityfix/2006/01/account_hijacki.html

  25. NoScript Firefox extension – https://addons.mozilla.org/extensions/moreinfo.php?id=722&application=firefox

  26. Netcraft Toolbar – http://toolbar.netcraft.com/

  27. Security Corner: Cross-Site Request Forgeries, December, 2004 – http://shiflett.org/articles/security-corner-dec2004

  28. The CAPTCHA Project, Telling Humans and Computers Apart – http://www.captcha.net/

  29. Mitigating Cross-site Scripting With HTTP-only Cookies – http://msdn.microsoft.com/workshop/author/dhtml/httponly_cookies.asp

  30. Web Security Threat Classification – http://www.webappsec.org/projects/threat/

  31. Web Application Firewall Evaluation Criteria (WAFEC) – http://www.webappsec.org/projects/wafec/